Filters








568 Hits in 7.4 sec

Case Studies of SCADA Firewall Configurations and the Implications for Best Practices

Dinesha Ranathunga, Matthew Roughan, Hung Nguyen, Phil Kernick, Nickolas Falkner
2016 IEEE Transactions on Network and Service Management  
Lack of automation tools to assist with this critical task has resulted in unoptimised, error prone configurations that expose these networks to cyber attacks.  ...  But these best practices lack specification in several key aspects needed to allow a firewall to be automatically configured.  ...  Morris Sloman and anonymous reviewers for their insightful feedback.  ... 
doi:10.1109/tnsm.2016.2597245 fatcat:thc3rjhdfjd6ria5mmtvrbjkpa

FIREMAN: a toolkit for firewall modeling and analysis

Lihua Yuan, Hao Chen, Jianning Mai, Chen-Nee Chuah, Zhendong Su, P. Mohapatra
2006 2006 IEEE Symposium on Security and Privacy (S&P'06)  
We have experimented with FIREMAN and used it to uncover several real misconfigurations in enterprise networks, some of which have been subsequently confirmed and corrected by the administrators of these  ...  Security concerns are becoming increasingly critical in networked systems. Firewalls provide important defense for network security.  ...  First, a production network may consist of firewall products from different vendors, each with their own configuration languages and operation models.  ... 
doi:10.1109/sp.2006.16 dblp:conf/sp/YuanMSCCM06 fatcat:67wnfy3z5nbvtjnje5hwa4pit4

Taking the Edge off with Espresso

Kok-Kiong Yap, Ankur Jain, Victor Lin, Colin Rice, Brian Rogan, Arjun Singh, Bert Tanaka, Manish Verma, Puneet Sood, Mukarram Tariq, Matt Tierney, Murtaza Motiwala (+13 others)
2017 Proceedings of the Conference of the ACM Special Interest Group on Data Communication - SIGCOMM '17  
Espresso has been in production for two years and serves over 22% of Google's total traffic to the Internet.  ...  Overall, Espresso provides Google a scalable peering edge that is programmable, reliable, and integrated with global traffic systems.  ...  ACKNOWLEDGMENT Many teams has contributed to the success of Espresso and it would be impossible to list everyone that has helped make the project successful.  ... 
doi:10.1145/3098822.3098854 dblp:conf/sigcomm/YapMRPHBHKNJLRR17 fatcat:gbbobair4raa3oycysvy6sw3si

VISCR: Intuitive Conflict-free Automation for Securing the Dynamic Consumer IoT Infrastructures [article]

Vasudevan Nagendra, Arani Bhattacharya, Vinod Yegneswaran, Amir Rahmati, Samir R Das
2019 arXiv   pre-print
Using the two, VISCR can automatically detect rouge policies, conflicts, and bugs for coherent automation.  ...  In terms of performance, VISCR can generate 400 abstraction trees (used in specifying policies) with 100K leaf nodes in <1.2sec.  ...  Similar techniques have also been used for detecting bugs and vulnerabilities in network configurations [46, 47] .  ... 
arXiv:1907.13288v1 fatcat:7idm4hiehfavniohlv5ymrzw3u

Neural language models for network configuration: Opportunities and reality check [article]

Zied Ben Houidi, Dario Rossi
2022 arXiv   pre-print
By extension, NLP has potential for application to network configuration languages as well, for instance considering tasks such as network configuration verification, synthesis, and cross-vendor translation  ...  and expected performance, and qualitatively assess whether similar techniques can benefit corresponding use-cases in networking.  ...  ACL rule configuration updates.  ... 
arXiv:2205.01398v2 fatcat:wguzrmqf3zcm7mfjkpgso3ggoe

Identifying the Missing Aspects of the ANSI/ISA Best Practices for Security Policy

Dinesha Ranathunga, Matthew Roughan, Phil Kernick, Nick Falkner, Hung Nguyen
2015 Proceedings of the 1st ACM Workshop on Cyber-Physical System Security - CPSS '15  
ANSI best practices lack specification in several key aspects needed to allow a firewall to be automatically configured.  ...  Firewall configuration is a critical activity for the Supervisory Control and Data Acquisition (SCADA) networks that control power stations, water distribution, factory automation, etc.  ...  It involves training in proprietary and device specific configuration languages and long and complex device configurations.  ... 
doi:10.1145/2732198.2732201 dblp:conf/ccs/RanathungaRKFN15 fatcat:zjsjz4s7ybao3aplc7nlebcmkq

Mobeet: A Multi-agent Framework for Ubiquitous Information Systems [chapter]

Nobukazu Yoshioka, Akihiko Ohsuga, Shinichi Honiden
2005 Lecture Notes in Computer Science  
In recent years, the rapid development of network infrastructure and the spread of terminals capable of network access have made it possible to access networks at any place and at any time.  ...  Ubiquitous information systems, in which necessary information can be accessed easily and safely at any place, are becoming an important issue.  ...  The PA communicates with other agents by using the Agent Communication Language (ACL [4, 5] ).  ... 
doi:10.1007/11426714_2 fatcat:qyjxld3e4neklgjz473cqsyb4i

The Mathematical Foundations for Mapping Policies to Network Devices

Dinesha Ranathunga, Matthew Roughan, Phil Kernick, Nick Falkner
2016 Proceedings of the 13th International Joint Conference on e-Business and Telecommunications  
We show the value of our proposed algebras in maintaining concise network-device configurations by applying them to real-world networks.  ...  A common requirement in policy specification languages is the ability to map policies to the underlying network devices.  ...  ACKNOWLEDGEMENTS This project was supported by an Australian Postgraduate Award, Australian Research Council Linkage Grant LP100200493 and CQR Consulting.  ... 
doi:10.5220/0005946201970206 dblp:conf/secrypt/RanathungaRKF16 fatcat:u2oejodsezg7th3lj3lrl3v7xy

A secure plan

M. Hicks, A.D. Keromytis, J.M. Smith
2003 IEEE Transactions on Systems Man and Cybernetics Part C (Applications and Reviews)  
Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [2], with an environment of general-purpose service routines governed by trust management  ...  The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture.  ...  Moore, and T. Jim for helpful discussions concerning this work, and the anonymous referees for providing useful feedback. We would also like to thank T.  ... 
doi:10.1109/tsmcc.2003.817347 fatcat:7r5fd3b72zdytajaprysju47cm

A Secure Plan [chapter]

Michael Hicks, Angelos D. Keromytis
1999 Lecture Notes in Computer Science  
Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [2], with an environment of general-purpose service routines governed by trust management  ...  The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture.  ...  Moore, and T. Jim for helpful discussions concerning this work, and the anonymous referees for providing useful feedback. We would also like to thank T.  ... 
doi:10.1007/978-3-540-48507-0_28 fatcat:yhwmyta2bzetzgqz5v5ve25q2y

Agents for the masses

J.M. Bradshaw, M. Greaves, H. Holmback, T. Karygiannis, W. Jansen, B.G. Silverman, N. Suri, A. Wong
1999 IEEE Intelligent Systems and their Applications  
Significantly, the current trapped state of our agents has less to do with lack of mobility mechanisms than with their unpreparedness to work fully in the open world of cyberspace and to interoperate outside  ...  Advances in the difficult theoretical issues of dynamic agent communication, coordination, and control are beginning to let us better understand how to deploy large numbers of agents with confidence.  ...  Finally, with explicit policies governing different types of agent behavior, we can begin to understand and predict how policies would compose with one another, and how we might automatically generate  ... 
doi:10.1109/5254.757632 fatcat:cxox4xlaqnewnmdkvee4isaylq

Smart Contracts for Distributed Databases

Olaf Pichler, Vincent Heuveline, Holger Fröning
2020 Zenodo  
In order to realize communication between Smart Contracts and distributed databases, in an accessible way, the Smart Contract Application Language for Databases (SCALD) is designed.  ...  The basic concept of ETHVAM and SCALD is demonstrated with simple application examples in this work. Furthermore, the security of this system is evaluated and possible vulnerabilities are identified.  ...  The entry is only readable by the author and the validator who will approve the entry. The ACLs allow only the client to update the entry in a ten days period beginning with the entry's creation.  ... 
doi:10.5281/zenodo.3753306 fatcat:w5ont556i5gvjaikfi2t5wf5zu

Role of Device Identification and Manufacturer Usage Description in IoT security: A Survey

Noman Mazhar, Rosli Salleh, Muhammad Zeeshan, M. Muzaffar Hameed
2021 IEEE Access  
The prime aim of this work is to examine the MUD benefits in IoT security along with the weaknesses and challenges while implementing this standard along with future directions.  ...  This paper initially identifies and classifies the potential vulnerabilities in IoT devices.  ...  ACKNOWLEDGMENT The authors of this research would like to thank the anonymous reviewers for the valuable comments and constructive suggestions, and their insights to improve the quality of the manuscript  ... 
doi:10.1109/access.2021.3065123 fatcat:5gofmkoawbccvhum5zuo3i7vya

The Mathematical Foundations for Mapping Policies to Network Devices (Technical Report) [article]

Dinesha Ranathunga, Matthew Roughan, Phil Kernick, Nick Falkner
2016 arXiv   pre-print
We show the value of our proposed algebras in maintaining concise network-device configurations by applying them to real-world networks.  ...  A common requirement in policy specification languages is the ability to map policies to the underlying network devices.  ...  ., assigned) ACL rules in each case study by parsing the firewall configurations as per (Ranathunga et al., 2015b) .  ... 
arXiv:1605.09115v1 fatcat:lpub3kg5mfcltnnuqebny6lise

Computer-Aided Software Engineering in a distributed workstation environment

David B. Leblang, Robert P. Chase
1984 SIGPLAN notices  
Acknowledgement s In addition to the authors, DSEE project members Gordon McLean, Howard Spilke, John Yates, and Pat Bergeron contributed to this paper.  ...  The intent of this paper is to describe DSEE and contrast it with other systems in terms of g Alg and functionality.  ...  Network gateways are available for communication with other vendors' networks, and the store and forward message passing utility can be used in conjunction with gateways to support Inter-network tasks  ... 
doi:10.1145/390011.808255 fatcat:evqcltw3rfflxc6mdewyeeqihe
« Previous Showing results 1 — 15 out of 568 results