Title :
Tree Automata Based Semantics of Firewalls
Author_Institution :
LORIA, Univ. Henri Poincare, Villers-les-Nancy, France
Abstract :
Security constitutes a crucial concern in modern information systems. Several aspects are involved, such as user authentication (establishing and verifying users' identity), cryptology (changing secrets into unintelligible messages and back to the original secrets after transmission) and security policies (preventing illicit or forbidden accesses from users to information). Firewalls are a core element of network security policies, which is why their analysis has drawn much attention over the past decade. In this paper, we propose a new approach for analyzing firewalls, based on tree automata techniques: we show that the semantics of any process composing a firewall (including the network address translation functionality) can be expressed as a regular set or relation and thus can be denoted by a tree automaton. We also investigate the capabilities opened up by tree automata based representations of the semantics of firewalls.
Keywords :
authorisation; automata theory; computer network security; cryptology; firewall semantics; modern information systems; network address translation functionality; network security policy; tree automata; user authentication; Automata; Fires; IP networks; Matched filters; Network address translation; Security; Semantics;
Conference_Titel :
Network and Information Systems Security (SAR-SSI), 2011 Conference on
Conference_Location :
La Rochelle
Print_ISBN :
978-1-4577-0735-3
DOI :
10.1109/SAR-SSI.2011.5931363