New modes of communication have shown themselves to be needed for more secure and private types of data. Steganography or data-hiding through covert channels can be highly motivated by today's security requirements and various needs of applications. Moreover, the amount of information in the Internet traffic is not bounded by what is contained in packets…
Recent studies show that configuration of network access control is one of the most complex and error-prone network management tasks. For this reason, network misconfiguration becomes the main source for network unreachability and vulnerability problems. In this paper, we present a novel approach that models the global end-to-end behavior of access…
Packet filtering plays a critical role in the performance of many network devices such as firewalls, IPSec gateways, DiffServ and QoS routers. A tremendous amount of research was proposed to optimize packet filters. However, most of the related works use deterministic techniques and do not exploit the traffic characteristics in their optimization schemes.…
Packet matching plays a critical role in the performance of many network devices and a tremendous amount of research has already been invested to come up with better optimized packet filters. However, most of the related works use deterministic techniques and do not exploit the traffic characteristics in their optimization schemes. In addition, most…
Packet classification plays a critical role in many of the current networking technologies, and efficient yet lightweight packet classification techniques are highly crucial for their successful deployment. Most of the current packet classification techniques exploit the characteristics of classification policies, without considering the traffic behavior in…
Network security devices such as firewalls and intrusion detection systems are constantly updated in their implementation to accommodate new features, performance standards and to utilize new hardware optimization. Reliable, yet practical, testing techniques for validating the configuration enforcement after every new software and firmware update become…
Having a firewall policy that is correct and complete is crucial to the safety of the computer network. An adversary will benefit a lot from knowing the policy or its semantics. In this paper we show how an attacker can reconstruct a firewall's policy by probing the firewall by sending tailored packets into a network and forming an idea of what the policy…
A firewall policy that is correct and complete is crucial to the safety of a computer network. An adversary will benefit a lot from knowing the policy or its semantics. In this paper, we propose a framework that could be used to blindly discover a firewall policy without prior knowledge. We show how an attacker can reconstruct a firewall's policy by…
Firewall development and implementation are constantly being improved to accommodate higher security and performance standards. Using reliable yet practical techniques for testing new packet filtering algorithms and firewall design implementations from a functionality point of view becomes necessary to assure the required security. In this paper, an…