On the modeling, design, and implementation of firewall technology
Abstract
This dissertation studies one particular aspect of providing communication security: firewall technology. Our work provides a framework in the form of a waterfall model within which firewall systems and their components can be designed and evaluated. We introduce a reference model that captures existing firewall technology and allows for an extension to networking technologies to which it was not applied previously. The essential components of the reference model are authentication, integrity assurance, access control, audit, and their enforcement. All components are governed by a centralized security policy, and they can be deployed in a distributed fashion to achieve scaling. We introduce a formalism that is based on Hierarchical Colored Petri Nets (HCPN) to described the functionality of mechanisms used by firewall technology. HCPNs provide us with a means of description, composition, simulation, and analysis of firewall systems. The implementation of a firewall depends on its underlying network technologies. We describe the concept of authenticated signaling and report on the design, implementation, and exploration of its realization for asynchronous transfer mode (ATM) signaling, using above reference model. The resulting security mechanism can be used as a building block in the construction of firewall systems.
Degree
Ph.D.
Advisors
Spafford, Purdue University.
Subject Area
Computer science
Off-Campus Purdue Users:
To access this dissertation, please log in to our
proxy server.