Decision diagrams for XACML policy evaluation and management

C Ngo, Y Demchenko, C De Laat - Computers & Security, 2015 - Elsevier
One of the primary challenges to apply the XACML access control policy language in
applications is the performance problem of policy evaluation engines, particularly when they …

A formal model for network-wide security analysis

J Rab, P Matousek, O Rysavy… - 15th Annual IEEE …, 2008 - ieeexplore.ieee.org
Network designers perform challenging tasks with so many configuration options that it is
often hard or even impossible for a human to predict all potentially dangerous situations. In …

Improving NFA-based signature matching using ordered binary decision diagrams

L Yang, R Karim, V Ganapathy, R Smith - International Workshop on …, 2010 - Springer
Network intrusion detection systems (NIDS) make extensive use of regular expressions as
attack signatures. Internally, NIDS represent and operate these signatures using finite …

PfComp: A Verified Compiler for Packet Filtering Leveraging Binary Decision Diagrams

C Chavanon, F Besson, T Ninet - Proceedings of the 13th ACM SIGPLAN …, 2024 - dl.acm.org
We present PfComp, a verified compiler for stateless firewall policies. The policy is first
compiled into an intermediate representation taking the form of a binary decision diagram …

Multi-data-types interval decision diagrams for XACML evaluation engine

C Ngo, MX Makkes, Y Demchenko… - 2013 Eleventh Annual …, 2013 - ieeexplore.ieee.org
XACML policy evaluation efficiency is an important factor influencing the overall system
performance, especially when the number of policies grows. Some existing approaches on …

Fast, memory-efficient regular expression matching with NFA-OBDDs

L Yang, R Karim, V Ganapathy, R Smith - Computer Networks, 2011 - Elsevier
Modern network intrusion detection systems (NIDS) employ regular expressions as attack
signatures. Internally, NIDS represent and operate these regular expressions as finite …

Protection of Network Security Selector Secrecy in Outsourced Network Testing

S Alasmari, W Wang, A Lu… - 2023 32nd International …, 2023 - ieeexplore.ieee.org
With the emergence and fast development of cloud computing and outsourced services,
more and more companies start to use managed security service providers (MSSP) as their …

Graph-based data search

BD Hanner, J Amanatullah, TCM Wu - US Patent 8,442,931, 2013 - Google Patents
Computer based systems and methods for searching data transiting a network using a graph-based
search model. A set of rules that describe strings or patterns of data to be identified in …

An Open Source Solution for Testing NAT'd and Nested iptables Firewalls.

RM Marmorstein, P Kearns - LISA, 2005 - usenix.org
As firewalls have increased in power and flexibility, the complexity of configuring them
correctly has grown significantly. An error in the firewall configuration can compromise the …

[BOOK][B] Formal analysis of firewall policies

RM Marmorstein - 2008 - search.proquest.com
This dissertation describes a technique for formally analyzing a firewall security policy using
a quasi-reduced multiway decision diagram model. The analysis allows a system …