Firmato: A novel firewall management toolkit

ACM Transactions on Computer Systems

Volumn 22, Issue 4, 2004, Pages 381-420

  Bartal, Yair ^a   Mayer, Alain ^b   Nissim, Kobbi ^c   Wool, Avishai ^d  

^a HEBREW UNIVERSITY OF JERUSALEM   (Israel)

^b CenterRun Inc   (United States)

^c MICROSOFT RESEARCH   (United States)

^d TEL AVIV UNIVERSITY   (Israel)

Author keywords

[No Author keywords available]

Indexed keywords

FIREWALL MANAGEMENT; MODEL DEFINITION LANGUAGE; SECURITY POLICY;

COMPUTER PROGRAMMING LANGUAGES; GATEWAYS (COMPUTER NETWORKS); INTRANETS; MATHEMATICAL MODELS; PROGRAM COMPILERS; SECURITY OF DATA; TOPOLOGY; VISUALIZATION;

COMPUTER SYSTEM FIREWALLS;

EID: 10944269775     PISSN: 07342071     EISSN: None     Source Type: Journal    
DOI: 10.1145/1035582.1035583     Document Type: Article

References (33)

1. AHUJA, R. K., MAGNANTI, T. L., AND ORLIN, J. B. 1993. Network Flows: Theory, Algorithms, and Applications. Prentice-Hall, Upper Saddle River, New Jersey.
2. BARTAL, Y., MAYER, A., NISSIM, K., AND WOOL, A. 1999. Firmato: A novel firewall management toolkit. In Proceedings of the 20th IEEE Symp. on Security and Privacy. IEEE, Oakland, CA. 17-31.
3. BELLOVIN, S. M. 1999. Distributed firewalls. ;login: The Magazine of USENIX & SAGE. 39-47.
4. CARNEY, M, AND LOE, B, 1998. A comparison of methods for implementing adaptive security policies. In Proceedings of the 7th USENIX Security Symposium. Usenix Association, Berkeley. 1-14.
5. CHAPMAN, D. B. AND ZWICKY, E. D. 1995. Building Internet Firewalls. O'Reilly & Associates, Inc.
6. CHAPMAN, D. W. AND FOX, A. 2001. Cisco Secure PIX Firewalls. Cisco Press.
7. CHESWICK, W. R., BELLOVIN, S. M., AND RUBIN, A. 2003. Firewalls and Internet Security: Repelling the Wily Hacker, 2nd ed. Addison-Wesley.
8. DOT. 2001. Graphviz - open source graph drawing software. version 1.7. http://www.research.att.com/sw/tools/graphviz/.
9. FWB 2002. Firewall builder. http://www.fwbuilder.org.
10. GANSNER, E. R., KOUTSOFIOS, E., NORTH, S. C., AND VO, K.-P. 1993. A technique for drawing directed graphs. IEEE Trans. Softw. Eng. 19, 3, 214-230.
11. GAREY, M. R. AND JOHNSON, D. S. 1979. Computers and Intractability: A Guide to the Theory of NP-Completeness. Freeman, San Francisco.
12. GUTTMAN, J. D. 1997. Filtering postures: Local enforcement for global policies. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Oakland, CA.
13. GUTTMAN, J. D. 2001. Security goals: Packet trajectories and strand spaces. In Foundations of Security Analysis and Design (FOSAD), LNCS 2171. Springer-Verlag.
14. GUTTMAN, J. D., HERZOG, A., AND JAVIER THAYER, F. 2000. Authentication and confidentiality via IPsec. In Proceedings of the 6th European Symposium on Research in Computer Security (ESORICS), LNCS 1895. Springer-Verlag.
15. HELD, G. AND HUNDLEY, K. 1999. Cisco Access Lists. McGraw-Hill.
16. HINRICHS, S. 1999. Policy-based management: Bridging the gap. In Proceedings of the 15th Annual Computer Security Applications Conference. Phoenix, AZ.
17. HLFL 2002. HLFL - high level firewall language. http://www.hlfl.org.
18. HOWE, C. D., ERWIN, B., BARTH, C., AND ELLIOT, S. 1996. What's beyond firewalls? The Forrester Report 10, 12 (Nov.).
19. ICSA LABS. 2003. Certified firewall products. http://www.icsalabs.com/ html/communities/firewalls/certification/rxvendors/index.shtml.
20. IOANNIDIS, S., KEROMYTIS, A. D., BELLOVIN, S. M., AND SMITH, J. M. 2000. Implementing a distributed firewall. In Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS). ACM, Athens, Greece.
21. LAMPSON, B., ABADI, M., BURROWS, M., AND WOBBER, E. 1992. Authentication in distributed systems: Theory and practice. ACM Trans. Comput. Syst. 10, 4 (Nov.), 265-310.
22. LIMONCELLI, T. A. 1999. Tricks you can do if your firewall is a bridge. In First USENIX Conference on Network Administration (NETA). USENIX, Santa Clara, CA.
23. LUCENT 2002. Lucent VPN firewall brick. http://www.lucent.com/security.
24. MAYER, A., WOOL, A., AND ZISKIND, E. 2000. Fang: A firewall analysis engine. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Oakland, CA. 177-187.
25. REED, D. 2002. Filter language compiler. http://cheops.anu.edu.au/ ~avalon/flc.html.
26. RUBIN, A., GEER, D., AND RANUM, M. 1997. Web Security Sourcebook. Wiley Computer Publishing.
27. SANDHU, R. S. 1998. Role-based access control. In Advances in Computers, M. Zerkowitz, Ed. Vol. 48. Academic Press.
28. SOLSOFT. 2000. Solsoft NP: Putting security policies into practice. Enterprise Management Associates white paper. http://www.solsoft.com/library/ ema_profiler.pdf.
29. SWIFT, M. M., HOPKINS, A., BRUNDRETT, P., VAN DYKE, C., GARG, P., CHAN, S., GOERTZEL, M., AND JENSENWORTH, G. 2002. Improving the granularity of access control for Windows 2000. ACM Trans. Info. Syst. Secu. 5, 4 (Nov.), 398-437.
30. WELCH-ABERNATHY, D. D. 2002. Essential Checkpoint Firewall-1: An Installation, Configuration, and Troubleshooting Guide. Addison-Wesley.
31. WOOL, A. 2001. Architecting the Lumeta firewall analyzer. In 10th USENIX Security Symposium. USENIX, Washington, D.C. 85-97.
32. WOOL, A. 2004a. The use and usability of direction-based filtering in firewalls. Computers & Security 23, 6, 459-468.
33. WOOL, A. 2004b. A quantitative study of firewall configuration errors. IEEE Computer 37, 6, 62-67.