@article {Khoumsi2015221, title = {A formal approach to verify completeness and detect anomalies in firewall security policies}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, volume = {8930}, year = {2015}, note = {cited By 1}, pages = {221-236}, abstract = {Security policies are a relevant solution to protect information systems from undue accesses. In this paper, we develop a formal and rigorous automata-based approach to design and analyze security policies. The interest of our approach is that it can be used as a common basis for analyzing several aspects of security policies, instead of using a distinct approach and formalism for studying each aspect. We first develop a procedure that synthesizes automatically an automaton which implements a given security policy. Then, we apply this synthesis procedure to verify completeness of security policies and detect several types of anomalies in security policies. We also study space and time complexities of the developed procedures. {\textcopyright} Springer International Publishing Switzerland 2015.}, doi = {10.1007/978-3-319-17040-4_14}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84928524690\&doi=10.1007\%2f978-3-319-17040-4_14\&partnerID=40\&md5=af206fc0108d0632a452dcb6750e1fd1}, author = {Khoumsi, A.a and Krombi, W.b and Erradi, M.b} }