Run-Time Protocol Conformance Verification In Firewalls

Author

  • Ulrich Ultes-Nitsche
Abstract

Today, business continuity depends significantly on the continuous availability of information systems. It is well known that such systems must be protected against intrusion and denial of service attacks. Historically, many such attacks used ill-formed data-packets and/or protocol runs, which did not conform to the protocols’ standards. Attackers exploited vulnerabilities of the protocols’ implementations in the servers’ operating systems: conformance with protocol standards was not tested properly. Prominent examples are the ping of death, the land attack, and the SYN flood attack. To protect information systems better, one should aim to recognize and block such attacks as early as possible, i.e. already in a firewall at a company network’s border. We will discuss in this paper the design of a run-time protocol-verifier and data-packet sanity-checker we will use to complement the Intelligent Firewall, which is currently developed in the Janus project. The presented concepts are, however, generic and applicable to any firewall.


Similar resources

A Verifiable Logic-Based Agent Architecture

In this paper, we present the SCIFF platform for multi-agent systems. The platform is based on Abductive Logic Programming, with a uniform language for specifying agent policies and interaction protocols. A significant advantage of the computational logic foundation of the SCIFF framework is that the declarative specifications of agent policies and interaction protocols can be used directly, at...


Formal Verification of Communication Protocols in Distributed Systems

In distributed applications, software components embedded in the communication protocols collectively provide the interaction and functionality among various parts that run on the common pervasive platform. However, software components, as the target for most of the changes, are expected to carry the majority of the design faults. Hence, their verified conformance to the specification (correctn...


Formal firewall conformance testing: an application of test and proof techniques

for your personal use. Not for redistribution. The definitive version was published in Software Testing, Verification & Reliability (STVR), pp. 1–40, 2014. SOFTWARE TESTING, VERIFICATION AND RELIABILITY Softw. Test. Verif. Reliab. 2014; 00:1–40 Published online in Wiley InterScience (www.interscience.wiley.com). DOI: 10.1002/stvr Formal Firewall Co...


Steering of Discrete Event Systems: Control Theory Approach

Runtime verification involves monitoring the system at runtime to check for conformance of the execution trace to user-defined safety properties. Typically, run-time verifiers do not assume a system model and hence cannot predict violations until they occur. This limits the practical applicability of runtime verification. Steering is the process of predicting the occurrence of violations and pr...


FT-FW: A cluster-based fault-tolerant architecture for stateful firewalls

Nowadays, stateful firewalls are part of the critical infrastructure of the Internet. Basically, they help to protect network services and users against attackers by means of access control and protocol conformance checking. However, stateful firewalls are problematic from the fault-tolerance perspective since they introduce a single point of failure in the network schema. In this work, we sum...




Publication date: 2004