In recent years packet-filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and wide-spread deployment. In contrast, firewall and security management technology is lacking. In this paper we present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entity-relationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity-relationship model; (3) a model compiler, translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator. We implemented a prototype of our toolkit to work with several commercially available firewall products. This prototype was used to control an operational firewall for several months. We believe that our approach is an important step toward streamlining the process of configuring and managing firewalls, especially in complex, multi-firewall installations.
We prove that any graph G with n points has a distribution 𝒯 over spanning trees such that for any edge (u, v) the expected stretch E_{T∼𝒯}[d_T(u, v)/d_G(u, v)] is bounded by Õ(log n). Our result is obtained via a new approach of building "highways" between portals and a new strong diameter probabilistic decomposition theorem.
School of Computer Science and Engineering, Hebrew University, Jerusalem 91904, Israel. Abstract. This paper deals with multi-unit combinatorial auctions where there are n types of goods for sale, and for each good there is some fixed number of units. We focus on the case where each bidder desires a relatively small number of units of each good. In particular, this includes the case where each good has exactly k units, and each bidder desires no more than a single unit of each good. We provide incentive compatible mechanisms for combinatorial auctions for the general case where bidders are not limited to single minded valuations. The mechanisms we give have approximation ratios close to the best possible for both on-line and off-line scenarios. This is the first result where non-VCG mechanisms are derived for non-single minded bidders for a natural model of combinatorial auctions.
We present a randomized on-line algorithm for the Metrical Task System problem that achieves a competitive ratio of O(log^6 n) for arbitrary metric spaces, against an oblivious adversary. This is the first algorithm to achieve a sublinear competitive ratio for all metric spaces. Our algorithm uses a recent result of Bartal [Bar96] that an arbitrary metric space can be probabilistically approximated by a set of metric spaces called "k-hierarchical well-separated trees" (k-HSTs). Indeed, the main technical result of this paper is an O(log^2 n)-competitive algorithm for Ω(log^2 n)-HST spaces. This, combined with the result of [Bar96], yields the general bound. Note that for the k-server problem on metric spaces of k + c points our result implies a competitive ratio of O(c^6 log^6 k).