Towards the goal of correct firewalls, this book focuses on the following two fundamental problems: first, how to design a new firewall such that the number of errors introduced in the design phase is small; second, how to analyze an existing firewall such that we can detect errors that have been built in. For firewall design, we present two methods for designing stateless firewalls, namely the method of structured firewall design and the method of diverse firewall design, and a model for specifying stateful firewalls. For firewall analysis, we present two methods, namely firewall queries and firewall redundancy detection. The firewall design and analysis methods presented in this book are not limited to just firewalls. Rather, they are extensible to other rule-based systems such as general packet classification systems and IPsec.
|
You are using an insecure version of your web browser. Please update your browser!
Using an outdated browser makes your computer unsafe. For a safer, faster, more enjoyable user experience, please update your browser today or try a newer browser.
|