Verified iptables firewall analysis

Cornelius Diekmann, Julius Michaelis, Maximilian Haslbeck, Georg Carle

Publication: Contribution to book/report/conference proceedings; conference contribution; peer-reviewed

21 citations (Scopus)

Abstract

We present a fully verified firewall ruleset analysis framework. Ultimately, it computes minimal service matrices, i.e. graphs which partition the complete IPv4 address space and visualize the allowed accesses between partitions for a fixed service. Internally, we are working with a simplified firewall model and a core contribution is the translation of complex real-world iptables firewall rules into this model. The presented algorithms and translation are formally proven correct with the Isabelle theorem prover. A real-world evaluation demonstrates the applicability of our tool. Both the iptables-save datasets and the Isabelle formalization are publicly available.

Original language: English
Title: 2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 252-260
Number of pages: 9
ISBN (electronic): 9783901882838
DOIs
Publication status: Published - 21 June 2016
Event: 2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016 - Vienna, Austria
Duration: 17 May 2016 to 19 May 2016

Publication series

Name: 2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016

Conference

Conference: 2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016
Country/Territory: Austria
City: Vienna
Period: 17/05/16 to 19/05/16
