| Title |
Verified iptables Firewall Analysis and Verification
|
|---|---|
| Published in |
Journal of Automated Reasoning, January 2018
|
| DOI | 10.1007/s10817-017-9445-1 |
| Pubmed ID | |
| Authors |
Cornelius Diekmann, Lars Hupel, Julius Michaelis, Maximilian Haslbeck, Georg Carle |
| Abstract |
This article summarizes our efforts around the formally verified static analysis of iptables rulesets using Isabelle/HOL. We build our work around a formal semantics of the behavior of iptables firewalls. This semantics is tailored to the specifics of the filter table and supports arbitrary match expressions, even new ones that may be added in the future. Around that, we organize a set of simplification procedures and their correctness proofs: we include procedures that can unfold calls to user-defined chains, simplify match expressions, and construct approximations removing unknown or unwanted match expressions. For analysis purposes, we describe a simplified model of firewalls that only supports a single list of rules with limited expressiveness. We provide and verify procedures that translate from the complex iptables language into this simple model. Based on that, we implement the verified generation of IP space partitions and minimal service matrices. An evaluation of our work on a large set of real-world firewall rulesets shows that our framework provides interesting results in many situations, and can both help and out-compete other static analysis frameworks found in related work. |
X Demographics
The data shown below were collected from the profiles of 4 X users who shared this research output. Click here to find out more about how the information was compiled.
Geographical breakdown
| Country | Count | As % |
|---|---|---|
| United Kingdom | 1 | 25% |
| Germany | 1 | 25% |
| Unknown | 2 | 50% |
Demographic breakdown
| Type | Count | As % |
|---|---|---|
| Members of the public | 4 | 100% |
Mendeley readers
The data shown below were compiled from readership statistics for 48 Mendeley readers of this research output. Click here to see the associated Mendeley record.
Geographical breakdown
| Country | Count | As % |
|---|---|---|
| Unknown | 48 | 100% |
Demographic breakdown
| Readers by professional status | Count | As % |
|---|---|---|
| Student > Bachelor | 8 | 17% |
| Student > Master | 4 | 8% |
| Lecturer | 3 | 6% |
| Student > Doctoral Student | 2 | 4% |
| Professor > Associate Professor | 2 | 4% |
| Other | 5 | 10% |
| Unknown | 24 | 50% |
| Readers by discipline | Count | As % |
|---|---|---|
| Computer Science | 17 | 35% |
| Medicine and Dentistry | 2 | 4% |
| Psychology | 1 | 2% |
| Business, Management and Accounting | 1 | 2% |
| Physics and Astronomy | 1 | 2% |
| Other | 1 | 2% |
| Unknown | 25 | 52% |
Attention Score in Context
This research output has an Altmetric Attention Score of 4. This is our high-level measure of the quality and quantity of online attention that it has received. This Attention Score, as well as the ranking and number of research outputs shown below, was calculated when the research output was last mentioned on 22 February 2019.
All research outputs
#7,443,095
of 23,015,156 outputs
Outputs from Journal of Automated Reasoning
#14
of 136 outputs
Outputs of similar age
#151,342
of 442,518 outputs
Outputs of similar age from Journal of Automated Reasoning
#1
of 5 outputs
Altmetric has tracked 23,015,156 research outputs across all sources so far. This one has received more attention than most of these and is in the 67th percentile.
So far Altmetric has tracked 136 research outputs from this source. They receive a mean Attention Score of 2.6. This one has done well, scoring higher than 89% of its peers.
Older research outputs will score higher simply because they've had more time to accumulate mentions. To account for age we can compare this Altmetric Attention Score to the 442,518 tracked outputs that were published within six weeks on either side of this one in any source. This one has gotten more attention than average, scoring higher than 65% of its contemporaries.
We're also able to compare this research output to 5 others from the same source and published within six weeks on either side of this one. This one has scored higher than all of them