@article {Khoumsi2016229, title = {An approach to resolve NP-hard problems of firewalls}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, volume = {9944 LNCS}, year = {2016}, note = {cited By 0}, pages = {229-243}, abstract = {Firewalls are a common solution to protect information systems from intrusions. In this paper, we apply an automata-based methodology to resolve several NP-Hard problems which have been shown in the literature to be fundamental for the study of firewall security policies. We also compute space and time complexities of our resolution methods. {\textcopyright} Springer International Publishing AG 2016.}, doi = {10.1007/978-3-319-46140-3_19}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84990038429\&doi=10.1007\%2f978-3-319-46140-3_19\&partnerID=40\&md5=cd031e8992745830e08b31671e0e3416}, author = {Khoumsi, A.a and Erradi, M.b and Ayache, M.b and Krombi, W.b} } @article {Khoumsi2016, title = {A formal basis for the design and analysis of firewall security policies}, journal = {Journal of King Saud University - Computer and Information Sciences}, year = {2016}, note = {cited By 0; Article in Press}, abstract = {A firewall is the core of a well defined network security policy. This paper presents an automata-based method to study firewall security policies. We first propose a procedure that synthesizes an automaton that describes a security policy given as a table of rules. The synthesis procedure is then used to develop procedures to detect: incompleteness, anomalies and discrepancies in security policies. A method is developed to represent the automaton by a policy qualified as mixable and that has practical utilities, such as ease to determine the whitelist and the blacklist of the policy. The developed procedures have been deeply evaluated in terms of time and space complexities. Then, a real case study has been investigated. The obtained results confirm that the developed procedures have reasonable complexities and that their actual execution times are of the order of seconds. Finally, proofs of all results are provided. {\textcopyright} 2016 King Saud University.}, doi = {10.1016/j.jksuci.2016.11.008}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85008234846\&doi=10.1016\%2fj.jksuci.2016.11.008\&partnerID=40\&md5=07a25a70cda473802a697eff8dbb8dec}, author = {Khoumsi, A.a and Erradi, M.b and Krombi, W.b} } @article {Khoumsi2015221, title = {A formal approach to verify completeness and detect anomalies in firewall security policies}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, volume = {8930}, year = {2015}, note = {cited By 1}, pages = {221-236}, abstract = {Security policies are a relevant solution to protect information systems from undue accesses. In this paper, we develop a formal and rigorous automata-based approach to design and analyze security policies. The interest of our approach is that it can be used as a common basis for analyzing several aspects of security policies, instead of using a distinct approach and formalism for studying each aspect. We first develop a procedure that synthesizes automatically an automaton which implements a given security policy. Then, we apply this synthesis procedure to verify completeness of security policies and detect several types of anomalies in security policies. We also study space and time complexities of the developed procedures. {\textcopyright} Springer International Publishing Switzerland 2015.}, doi = {10.1007/978-3-319-17040-4_14}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84928524690\&doi=10.1007\%2f978-3-319-17040-4_14\&partnerID=40\&md5=af206fc0108d0632a452dcb6750e1fd1}, author = {Khoumsi, A.a and Krombi, W.b and Erradi, M.b} }