loading
Papers

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Claas Lorenz 1 and Bettina Schnor 2

Affiliations: 1 genua mbh and Potsdam University, Germany ; 2 Potsdam University, Germany

ISBN: 978-989-758-117-5

Keyword(s): Security, Firewalls, IPv6, Model-Checking.

Related Ontology Subjects/Areas/Topics: Formal Methods for Security ; Information and Systems Security ; Network Security ; Security in Distributed Systems ; Security Verification and Validation ; Wireless Network Security

Abstract: Concerning the design of a security architecture, Firewalls play a central role to secure computer networks. Facing the migration of IPv4 to IPv6, the setup of capable firewalls and network infrastructures will be necessary. The semantic differences between IPv4 and IPv6 make misconfigurations possible that may cause a lower performance or even security problems. For example, a cycle in a firewall configuration allows an attacker to craft network packets that may result in a Denial of Service. This paper investigates model checking techniques for automated policy anomaly detection. It shows that with a few adoptions existing approaches can be extended to support the IPv6 protocol with its specialities like the tremendously larger address space or extension headers. The performance is evaluated empirically by measurements with our prototype implementation ad6.

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 34.204.191.31

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Lorenz, C. and Schnor, B. (2015). Policy Anomaly Detection for Distributed IPv6 Firewalls.In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 210-219. DOI: 10.5220/0005517402100219

@conference{secrypt15,
author={Claas Lorenz. and Bettina Schnor.},
title={Policy Anomaly Detection for Distributed IPv6 Firewalls},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={210-219},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005517402100219},
isbn={978-989-758-117-5},
}

TY - CONF

JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Policy Anomaly Detection for Distributed IPv6 Firewalls
SN - 978-989-758-117-5
AU - Lorenz, C.
AU - Schnor, B.
PY - 2015
SP - 210
EP - 219
DO - 10.5220/0005517402100219

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.