Publication Details
Static Analysis of Routing and Firewall Policy Configurations
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT)
De Silva Gayan (FIT BUT)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT)
Ráb Jaroslav, Ing. (DIFS FIT BUT)
Reachability, routing, filtering, forwarding
Network design that meets customer's security requirements needs careful considerations when configuring routing and filtering rules. This paper deals with an approach to security analysis based on reachability calculations in dynamically routed networks. The contribution consists of proposing routing abstract model that enables to extend existing reachability analysis approaches to obtain a finer approximation. This approximation captures the effect of routing on packets forwarding. Thus in the combination with reachability calculations based on packet filtering analysis it provides valuable information for a network designer on possible security issues in designed network.
@INPROCEEDINGS{FITPUB9876,
author = "Miroslav \v{S}v\'{e}da and Ond\v{r}ej Ry\v{s}av\'{y} and Gayan Silva De and Petr Matou\v{s}ek and Jaroslav R\'{a}b",
title = "Static Analysis of Routing and Firewall Policy Configurations",
pages = "39--53",
booktitle = "e-Business and Telecommunications",
series = "LNCS CCIS, Vol.222",
journal = "Communications in Computer and Information Science",
volume = 2012,
number = 222,
year = 2012,
location = "Heidelberg, DE",
publisher = "Springer Science+Business Media B.V.",
ISBN = "978-3-642-25205-1",
ISSN = "1865-0929",
doi = "10.1007/978-3-642-25206-8\_2",
language = "english",
url = "https://www.fit.vut.cz/research/publication/9876"
}