In recent years packet-filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and wide-spread deployment. In contrast, firewall and security management technology is lacking. In this paper we present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entityrelationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity-relationship model; (3) a model compiler, translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator.We implemented a prototype of our toolkit to work with several commercially available firewall products. This prototype was used to control an operational firewall for several months. We believe that our approach is an important step toward streamlining the process of configuring and managing firewalls, especially in complex, multi-firewall installations.
Abstract. An increasing number of web-sites require users to establish an account before they can access the information stored on that site (\personalized web browsing"). Typically, the user is required to provide at least a unique username, a secret password and an e-mail address. Establishing accounts at multiple web-sites is a tedious task. A securityand privacy-aware user may h a ve t o i n vent a distinct username and a secure password, both unrelated to his/her identity, for each w eb-site. The user may also desire mechanisms for anonymous e-mail. Besides the information that the user supplies voluntarily to the web-site, additional information about the user may o w ( i n voluntarily) from the user's site to the web-site, due to the nature of the HTTP protocol and the cookie mechanism.This paper describes the Janus Personalized Web Anonymizer, which makes personalized web browsing simple, secure and anonymous by providing convenient solutions to each of the above problems. Janus serves as an intermediary entity b e t ween a user and a web-site. Given a user and a web-site, Janus automatically generates an alias { typically a username, a password and an e-mail address { that can be used to establish an anonymous account at the web-site. Di erent aliases are generated for each user, web-site pair however the same alias is presented whenever a particular user visits a particular web-site. Janus frees the user from the burden of inventing and memorizing distinct usernames and secure passwords for each w eb-site, and guarantees that an alias (including an e-mail address) does not reveal the true identity of the user. Janus also provides mechanisms to complete an anonymous e-mail exchange from a web-site to a user, and lters the information-ow of the HTTP protocol to preserve user privacy. T h us Janus provides simultaneous user identi cation and user privacy, as required for anonymous personalized web browsing.
Performing work in parallel by a multitude of processes in a distributed environment is currently a fast growing area of computer applications (due to its cost effectiveness). Adaptation of such applications to changes in system's parallelism (i.e., the availability of processes) is essential for improved performance and reliability y. In this work we consider one aspect of coping with dynamic processes failures in such a setting, namely the following scenario formulated by Dwork, Halpern and Waarts [DH W92]: a system of n synchronous processes that communicate only by sending messages to one another. These processes must perform m independent units of work. Processes may fail by crashing and wait-freeness is required, i.e. that whenever at least one process survives, all m units of work will be performed.We consider the notion of fast algorithms in this setting, yet we are not willing to trade improved time for a high cost in communication.Thus, we require message efficiency as well. We therefore put forth the notion of lexicographic eflciency, that is we consider the following two complexity measures in order: The parallel processor step (or S for short) as introduced by Kanellakis and Shvartsman [KS89] in the context of robust PRAM and the number of messages sent (denoted M).We present an algorithm which has S = O(m + (f + l)n) (where f denotes the actual number of failures) and prove that this is optimal (in absolute terms in all fault scenarios). Furthermore, the algorithm has M= O((f + l)n) and hence is the first messageeficient algorithm with optimal S. This is a step in understanding lexicographic efficiency, and towards solving the open problem in [DHW92] of simultaneously optimizing time and messages.
We consider regular expressions extended with the interleaving ope-tor, and investigate the complexity of membership and inequivalence problems for these expressions. For expressions using the operators union, concatenation, Kleene star, and interleaving, we show that the inequivalence problem (deciding whet-er two given expressions do not describe the same set of words) is complete for exponential space. Without Kleene star, we show that the inequivalence problem is complete for the-class Z' at-the second level of the polynomial-time hierarchy. Certain cases of the membership problem (deciding whether a given word is in the language described by a given expression) are shown to be N-P-complete. Special cases of the membership problem which can be solved in polynomial time are also discussed. Thi-ls document has been approved for public xelease and sale; its distribution is unlimited. 91-08896 'The research of this author was partly supnorted bylONR gr ant N00014.91-J.1613.
The purpose of this paper is a study of computation that can be done locally in a distributed network. By locally we mean within time (or distance) independent of the size of the network. I n particular we are interested in algorithms that are robust, i.e., perform well even if the underlying gmph is not stable and links continuously fail and come-up. W e introduce and study the happy coloring & orientation problem and show that it yields a robust local solution to the (d, m)-dining philosophers problem of Naor and Stoclnneyer 1171. This problem is similar to the usual dining philosophers problem, ezcept that each philosopher has access to d forks but needs only m of them to eat. W e give a robust local solution if m 5 [d/21 (necessity of this inequality for any local solution was known previously).Two other problems we investigate are: ( I ) the amount of initial s y m m e t r y -b d n g needed to solve certain problems locally (for example, our algorithms need considembly less s y m m e t r y -b d n g than having a unique ID on each node), and (2) the single-step color reduction problem: given a coloring with c colors of the nodes of a gmph, what is the smallest number of colors c' such that every node can recolor itself with one of c' colors as a function of its immediate neighborhood only. . Part of this work waa done while at IBM Almaden Rasesreh Center. Resesrch supported by an Alon Fellowship and by an Israel-France grant.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.