Alain Mayer scite author profile

In recent years packet-filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and wide-spread deployment. In contrast, firewall and security management technology is lacking. In this paper we present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entityrelationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity-relationship model; (3) a model compiler, translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator.We implemented a prototype of our toolkit to work with several commercially available firewall products. This prototype was used to control an operational firewall for several months. We believe that our approach is an important step toward streamlining the process of configuring and managing firewalls, especially in complex, multi-firewall installations.

show abstract

Fang: a firewall analysis engine

Mayer¹,

Wool²,

Ziskind³

170

124

View full text Add to dashboard Cite

How to make personalized web browsing simple, secure, and anonymous

Gabber¹,

Gibbons²,

Matias³

et al. 1997

117

View full text Add to dashboard Cite

Abstract. An increasing number of web-sites require users to establish an account before they can access the information stored on that site (\personalized web browsing"). Typically, the user is required to provide at least a unique username, a secret password and an e-mail address. Establishing accounts at multiple web-sites is a tedious task. A securityand privacy-aware user may h a ve t o i n vent a distinct username and a secure password, both unrelated to his/her identity, for each w eb-site. The user may also desire mechanisms for anonymous e-mail. Besides the information that the user supplies voluntarily to the web-site, additional information about the user may o w ( i n voluntarily) from the user's site to the web-site, due to the nature of the HTTP protocol and the cookie mechanism.This paper describes the Janus Personalized Web Anonymizer, which makes personalized web browsing simple, secure and anonymous by providing convenient solutions to each of the above problems. Janus serves as an intermediary entity b e t ween a user and a web-site. Given a user and a web-site, Janus automatically generates an alias { typically a username, a password and an e-mail address { that can be used to establish an anonymous account at the web-site. Di erent aliases are generated for each user, web-site pair however the same alias is presented whenever a particular user visits a particular web-site. Janus frees the user from the burden of inventing and memorizing distinct usernames and secure passwords for each w eb-site, and guarantees that an alias (including an e-mail address) does not reveal the true identity of the user. Janus also provides mechanisms to complete an anonymous e-mail exchange from a web-site to a user, and lters the information-ow of the HTTP protocol to preserve user privacy. T h us Janus provides simultaneous user identi cation and user privacy, as required for anonymous personalized web browsing.

show abstract

Time-optimal message-efficient work performance in the presence of faults

Prisco

Mayer

Yung

1994

View full text Add to dashboard Cite

Performing work in parallel by a multitude of processes in a distributed environment is currently a fast growing area of computer applications (due to its cost effectiveness). Adaptation of such applications to changes in system's parallelism (i.e., the availability of processes) is essential for improved performance and reliability y. In this work we consider one aspect of coping with dynamic processes failures in such a setting, namely the following scenario formulated by Dwork, Halpern and Waarts [DH W92]: a system of n synchronous processes that communicate only by sending messages to one another. These processes must perform m independent units of work. Processes may fail by crashing and wait-freeness is required, i.e. that whenever at least one process survives, all m units of work will be performed.We consider the notion of fast algorithms in this setting, yet we are not willing to trade improved time for a high cost in communication.Thus, we require message efficiency as well. We therefore put forth the notion of lexicographic eflciency, that is we consider the following two complexity measures in order: The parallel processor step (or S for short) as introduced by Kanellakis and Shvartsman [KS89] in the context of robust PRAM and the number of messages sent (denoted M).We present an algorithm which has S = O(m + (f + l)n) (where f denotes the actual number of failures) and prove that this is optimal (in absolute terms in all fault scenarios). Furthermore, the algorithm has M= O((f + l)n) and hence is the first messageeficient algorithm with optimal S. This is a step in understanding lexicographic efficiency, and towards solving the open problem in [DHW92] of simultaneously optimizing time and messages.

show abstract

Consistent, yet anonymous, Web access with LPWA

Gabber¹,

Gibbons²,

Kristol³

et al. 1999

Commun. ACM

View full text Add to dashboard Cite

The Complexity of Word Problems - This Time with Interleaving

Mayer

Stockmeyer

1994

Information and Computation

View full text Add to dashboard Cite

We consider regular expressions extended with the interleaving ope-tor, and investigate the complexity of membership and inequivalence problems for these expressions. For expressions using the operators union, concatenation, Kleene star, and interleaving, we show that the inequivalence problem (deciding whet-er two given expressions do not describe the same set of words) is complete for exponential space. Without Kleene star, we show that the inequivalence problem is complete for the-class Z' at-the second level of the polynomial-time hierarchy. Certain cases of the membership problem (deciding whether a given word is in the language described by a given expression) are shown to be N-P-complete. Special cases of the membership problem which can be solved in polynomial time are also discussed. Thi-ls document has been approved for public xelease and sale; its distribution is unlimited. 91-08896 'The research of this author was partly supnorted bylONR gr ant N00014.91-J.1613.

show abstract

Resolving message complexity of Byzantine Agreement and beyond

Galil

Mayer

Yung

View full text Add to dashboard Cite

Local computations on static and dynamic graphs

Mayer

Naor

Stockmeryer³

View full text Add to dashboard Cite

The purpose of this paper is a study of computation that can be done locally in a distributed network. By locally we mean within time (or distance) independent of the size of the network. I n particular we are interested in algorithms that are robust, i.e., perform well even if the underlying gmph is not stable and links continuously fail and come-up. W e introduce and study the happy coloring & orientation problem and show that it yields a robust local solution to the (d, m)-dining philosophers problem of Naor and Stoclnneyer 1171. This problem is similar to the usual dining philosophers problem, ezcept that each philosopher has access to d forks but needs only m of them to eat. W e give a robust local solution if m 5 [d/21 (necessity of this inequality for any local solution was known previously).Two other problems we investigate are: ( I ) the amount of initial s y m m e t r y -b d n g needed to solve certain problems locally (for example, our algorithms need considembly less s y m m e t r y -b d n g than having a unique ID on each node), and (2) the single-step color reduction problem: given a coloring with c colors of the nodes of a gmph, what is the smallest number of colors c' such that every node can recolor itself with one of c' colors as a function of its immediate neighborhood only. . Part of this work waa done while at IBM Almaden Rasesreh Center. Resesrch supported by an Alon Fellowship and by an Israel-France grant.

show abstract

12 3 4 5

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Alain Mayer

Firmato: a novel firewall management toolkit

Fang: a firewall analysis engine

How to make personalized web browsing simple, secure, and anonymous

Time-optimal message-efficient work performance in the presence of faults

Consistent, yet anonymous, Web access with LPWA

The Complexity of Word Problems - This Time with Interleaving

Resolving message complexity of Byzantine Agreement and beyond

Local computations on static and dynamic graphs

Contact Info

Product

Resources

About