
Automatic Analysis of Firewall and Network Intrusion Detection System Configurations
by Dr. Steven Cheung & Dr. Tomas Uribe.
From Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, Washington, D.C., October 2004
Abstract
Given a network that deploys multiple firewalls and network intrusion detection systems (NIDSs), ensuring that these security components are correctly configured is a challenging problem. Although models have been developed to reason independently about the effectiveness of firewalls and NIDSs, there is no common framework to analyze their interaction. This paper presents an integrated, constraint-based approach for modeling and reasoning about these configurations. Our approach considers the dependencies between the two types of components, and can reason automatically about their combined behavior. We have developed a tool, based on this approach, for the specification and verification of networks that include multiple firewalls and NIDSs. This tool can also be used to automatically generate NIDS configurations that are optimal relative to a given cost function.
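The interaction the abstract points at is easy to see on a small model: a threat's detection requirement depends on which firewalls let the traffic through, and a signature loaded on one sensor can satisfy several threats at once, so the cheapest per-threat choice is not the cheapest overall. The following Python is an added illustration of that kind of combined reasoning, written for this page; it is not the authors' tool or their constraint model. The topology, firewall allow-lists, sensor capabilities, signature costs and threat list are all constructed, and the optimizer is a brute-force search over signature loads rather than a real constraint solver.

```python
"""Toy firewall + NIDS model: which threats reach their target through the firewalls,
which sensors on the path can see them, and the cheapest signature loads that cover
every threat that gets through. Added example; all data below is constructed."""
from collections import deque
from itertools import combinations

# Zones are joined by links. Each link may carry a firewall (an allow-list of
# (destination host, port) pairs) and a NIDS sensor that inspects traffic on that link.
# The ("db", 3306) entry on the edge firewall is a deliberately constructed mistake:
# it lets Internet traffic reach the LAN database.
LINKS = {
    ("internet", "dmz"): {"fw": {("web", 80), ("web", 443), ("mail", 25), ("db", 3306)},
                          "nids": "sensor_edge"},
    ("dmz", "lan"):      {"fw": {("db", 3306), ("fileserver", 445)},
                          "nids": "sensor_core"},
}
ZONE_OF = {"web": "dmz", "mail": "dmz", "db": "lan", "fileserver": "lan"}

# Signatures each sensor is able to load, with a constructed per-signature cost
# (think CPU budget on that sensor).
SENSOR_SIGS = {
    "sensor_edge": {"sig_sqli": 3, "sig_smtp_overflow": 2, "sig_smb_exploit": 4},
    "sensor_core": {"sig_sqli": 1, "sig_smb_exploit": 1, "sig_mysql_auth": 2},
}

# Threats to reason about: (source zone, target host, destination port, signature).
THREATS = [
    ("internet", "web", 80, "sig_sqli"),
    ("internet", "mail", 25, "sig_smtp_overflow"),
    ("internet", "fileserver", 445, "sig_smb_exploit"),  # should die at the edge firewall
    ("dmz", "db", 3306, "sig_mysql_auth"),               # pivot from a compromised DMZ host
    ("internet", "db", 3306, "sig_sqli"),                # only possible because of the bad edge rule
]


def path_links(src_zone, dst_zone):
    """BFS over the zone graph; returns the ordered links traversed, or None if unreachable."""
    adj = {}
    for a, b in LINKS:
        adj.setdefault(a, []).append(b)
    prev = {src_zone: None}
    queue = deque([src_zone])
    while queue:
        zone = queue.popleft()
        if zone == dst_zone:
            links = []
            while prev[zone] is not None:
                links.append((prev[zone], zone))
                zone = prev[zone]
            return links[::-1]
        for nxt in adj.get(zone, []):
            if nxt not in prev:
                prev[nxt] = zone
                queue.append(nxt)
    return None


def reaches_target(threat):
    """(True, path) if every firewall on the path allows the threat's traffic, else (False, path)."""
    src, host, port, _sig = threat
    links = path_links(src, ZONE_OF[host])
    if links is None:
        return False, []
    for link in links:
        fw = LINKS[link].get("fw")
        if fw is not None and (host, port) not in fw:
            return False, links
    return True, links


def coverage_constraints():
    """One constraint per threat the firewalls let through: the set of (sensor, signature)
    loads any one of which would detect it. An empty set means no sensor can cover it."""
    constraints = []
    for threat in THREATS:
        ok, links = reaches_target(threat)
        if not ok:
            continue  # blocked traffic imposes no detection requirement in this toy model
        sig = threat[3]
        options = {(LINKS[l]["nids"], sig) for l in links
                   if "nids" in LINKS[l] and sig in SENSOR_SIGS[LINKS[l]["nids"]]}
        constraints.append((threat, options))
    return constraints


def undetected_threats(chosen):
    """Verification step: threats that pass the firewalls but no chosen load detects."""
    return [threat for threat, options in coverage_constraints() if not (options & chosen)]


def cheapest_config():
    """Brute-force search for the minimum-cost set of (sensor, signature) loads that
    satisfies every coverage constraint. Returns (cost, loads) or None if unsatisfiable."""
    constraints = coverage_constraints()
    candidates = sorted(set().union(*(options for _, options in constraints)))
    best = None
    for k in range(len(candidates) + 1):
        for subset in combinations(candidates, k):
            chosen = set(subset)
            if all(options & chosen for _, options in constraints):
                cost = sum(SENSOR_SIGS[sensor][sig] for sensor, sig in chosen)
                if best is None or cost < best[0]:
                    best = (cost, chosen)
    return best


if __name__ == "__main__":
    for threat in THREATS:
        print(threat, "reaches target" if reaches_target(threat)[0] else "blocked by firewall")
    print("cheapest covering configuration:", cheapest_config())
```

Note what the joint model exposes: threat 5 alone would be covered most cheaply by loading `sig_sqli` on `sensor_core` (cost 1), but threat 1 forces `sig_sqli` onto `sensor_edge` anyway, and that load also covers threat 5, so the global optimum is cheaper than the sum of per-threat optima. The same search also surfaces a threat that no sensor on its path can detect (an empty option set), which is the verification question the abstract describes.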
BibTeX Entry
@InProceedings{Uribe:2004:NetConfig,
  title     = "Automatic Analysis of Firewall and Network Intrusion
               Detection System Configurations",
  author    = "Tom{\'a}s E. Uribe and Steven Cheung",
  booktitle = "Proceedings of the 2004 ACM Workshop on Formal Methods in
               Security Engineering",
  location  = "Washington, D.C.",
  month     = oct # "~29",
  year      = 2004,
  pages     = "66--74"
}