The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Reports and Papers Archive


Browse All Papers »       Submit A Paper »

A Reference Model For Firewall Technology

COAST TR 97-11
Schuba, C., Spafford, E
Download: PDF
Added 1900-01-01

Categorization of Software Errors that led to Security Breaches

COAST TR 97-09
Du, W.
Download: PDF
Added 1900-01-01


On The Modeling, Design, And Implementation Of Firewall Technology

COAST TR 97-07
Schuba, C.
Download: PDF

This dissertation studies one particular aspect of providing communication security: firewall technology. Our work provides a framework in the form of a waterfall model within which firewall systems and their components can be designed and evaluated. We introduce a reference model that captures existing firewall technology and allows for an extension to networking technologies to which it was not applied previously. The essential components of the reference model are authentication, integrity assurance, access control, audit, and their enforcement. All components are governed by a centralized security policy, and they can be deployed in a distributed fashion to achieve scaling. We introduce a formalism that is based on Hierarchical Colored Petri Nets (HCPN)to descibe the functionality of mechanisms used by firewall technology. HCPN’s provide us with a means of descriptions, composition, simulation, and analysis of firewall systems. The implementation of a firewall depends on its underlying network technologies. We describe the concept of authenticated signaling and report on the design, implementation, and exploration of its realization for asynchronous transfer mode (ATM) signaling, using above reference model. The resulting security mechanism can be used as a building block in the construction of firewall systems.

Added 1900-01-01

Analysis of a Denial of Service Attack on TCP

COAST TR 97-06
Schuba, C., Krsul, I., Kuhn, M., Spafford, E., Sundaram, A., Zamboni, D.
Download:
Added 1900-01-01

Computer Vulnerability Analysis Thesis Proposal

COAST TR 97-05
Krsul, I.
Download:
Added 1900-01-01

Sequence Matching and Learning in Anomaly Detection for Computer Security

COAST TR 97-04
Lane, T., Brodley, C.
Download:
Added 1900-01-01

An Application of Machine Learning to Anomaly Detection

COAST TR 97-03
Lane, T., Brodley, C.
Download:
Added 1900-01-01

Tamper Resistance - a Cautionary Note

COAST TR 96-08
Anderson, R., Kuhn, M.
Download: PDF
Added 1900-01-01

A Reference Model For Firewall Technology And Its Implications For Connection Signaling

COAST TR 96-07
Lyles, J., Schuba, C.
Download:
Added 1900-01-01

Authorship Analysis: Identifying The Author of a Program

COAST TR 96-06
Krsul, I., Spafford, E.
Download:
Added 1900-01-01

17th IEEE Symposium on Security and Privacy, Report on the

COAST TR 96-03
Schuba, Christoph L. and Zurko Mary Ellen
Download:
Added 1900-01-01


Classification and Detection of Computer Intrusions

COAST TR 95-08
Kumar, S.
Download: PDF
Added 1900-01-01

Classical IP and ARP over ATM

COAST TR 95-07
Schuba, C., Kercheval, B., Spafford, E.
Download: PDF
Added 1900-01-01