{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T10:17:55Z","timestamp":1775470675266,"version":"3.50.1"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319192482","type":"print"},{"value":"9783319192499","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-19249-9_13","type":"book-chapter","created":{"date-parts":[[2015,5,23]],"date-time":"2015-05-23T07:55:31Z","timestamp":1432367731000},"page":"195-212","source":"Crossref","is-referenced-by-count":6,"title":["Semantics-Preserving Simplification of Real-World Firewall Rule Sets"],"prefix":"10.1007","author":[{"given":"Cornelius","family":"Diekmann","sequence":"first","affiliation":[]},{"given":"Lars","family":"Hupel","sequence":"additional","affiliation":[]},{"given":"Georg","family":"Carle","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"13_CR1","unstructured":"IPTables Example Config, http:\/\/networking.ringofsaturn.com\/Unix\/iptables.php (retrieved September 2014)"},{"key":"13_CR2","unstructured":"PF: The OpenBSD packet filter, http:\/\/www.openbsd.org\/faq\/pf\/"},{"key":"13_CR3","unstructured":"Cisco IOS firewall \u2013 configuring IP access lists. Document ID: 23602 (December 2007), http:\/\/www.cisco.com\/c\/en\/us\/support\/docs\/security\/ios-firewall\/23602-confaccesslists.html"},{"key":"13_CR4","doi-asserted-by":"crossref","unstructured":"Bartal, Y., Mayer, A., Nissim, K., Wool, A.: Firmato: A novel firewall management toolkit. In: Symposium on Security and Privacy, pp. 17\u201331. IEEE (1999)","DOI":"10.1109\/SECPRI.1999.766714"},{"key":"13_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-540-68524-1_9","volume-title":"Testing of Software and Communicating Systems","author":"A.D. Brucker","year":"2008","unstructured":"Brucker, A.D., Br\u00fcgger, L., Wolff, B.: Model-based firewall conformance testing. In: Suzuki, K., Higashino, T., Ulrich, A., Hasegawa, T. (eds.) TestCom\/FATES 2008. LNCS, vol.\u00a05047, pp. 103\u2013118. Springer, Heidelberg (2008)"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"Diekmann, C., Hupel, L., Carle, G.: Directed security policies: A stateful network implementation. In: Third International Workshop on Engineering Safety and Security Systems. EPTCS, vol.\u00a0150, pp. 20\u201334 (May 2014)","DOI":"10.4204\/EPTCS.150.3"},{"key":"13_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1007\/978-3-662-43613-4_9","volume-title":"Formal Techniques for Distributed Objects, Components, and Systems","author":"C. Diekmann","year":"2014","unstructured":"Diekmann, C., Posselt, S.-A., Niedermayer, H., Kinkelin, H., Hanka, O., Carle, G.: Verifying security policies using host attributes. In: \u00c1brah\u00e1m, E., Palamidessi, C. (eds.) FORTE 2014. LNCS, vol.\u00a08461, pp. 133\u2013148. Springer, Heidelberg (2014)"},{"key":"13_CR8","unstructured":"Eastep, T.M.: iptables made easy \u2013 shorewall (2014), http:\/\/shorewall.net\/"},{"key":"13_CR9","unstructured":"Engelhardt, J.: Towards the perfect ruleset (May 2011), http:\/\/inai.de\/documents\/Perfect_Ruleset.pdf"},{"key":"13_CR10","doi-asserted-by":"crossref","unstructured":"Fuller, V., Li, T.: Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan. RFC 4632 (Best Current Practice) (August 2006), http:\/\/www.ietf.org\/rfc\/rfc4632.txt","DOI":"10.17487\/rfc4632"},{"key":"13_CR11","unstructured":"Gartenmeister, M.: Iptables vs. Cisco PIX (April 2005), http:\/\/lists.netfilter.org\/pipermail\/netfilter\/2005-April\/059714.html"},{"issue":"3","key":"13_CR12","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1109\/MCOM.2006.1607877","volume":"44","author":"H. Hamed","year":"2006","unstructured":"Hamed, H., Al-Shaer, E.: Taxonomy of conflicts in network security policies. IEEE Communications Magazine\u00a044(3), 134\u2013141 (2006)","journal-title":"IEEE Communications Magazine"},{"key":"13_CR13","unstructured":"Hewlett Packard: IP firewall configuration guide (2005), ftp:\/\/ftp.hp.com\/pub\/networking\/software\/ProCurve-SR-IP-Firewall-Config-Guide.pdf"},{"key":"13_CR14","doi-asserted-by":"crossref","unstructured":"Jeffrey, A., Samak, T.: Model checking firewall policy configurations. In: Policies for Distributed Systems and Networks, pp. 60\u201367. IEEE (July 2009)","DOI":"10.1109\/POLICY.2009.32"},{"key":"13_CR15","unstructured":"Kazemian, P., Varghese, G., McKeown, N.: Header space analysis: static checking for networks. In: Networked Systems Design and Implementation, pp. 113\u2013126. USENIX (April 2012)"},{"key":"13_CR16","series-title":"Bibliotheca Mathematica","volume-title":"Introduction to Metamathematics","author":"S.C. Kleene","year":"1952","unstructured":"Kleene, S.C.: Introduction to Metamathematics. Bibliotheca Mathematica. North-Holland, Amsterdam (1952)"},{"key":"13_CR17","unstructured":"Leblond, E.: Why you will love nftables (January 2014), https:\/\/home.regit.org\/2014\/01\/why-you-will-love-nftables\/"},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"Mansmann, F., G\u00f6bel, T., Cheswick, W.: Visual analysis of complex firewall configurations. In: Proceedings of the Ninth International Symposium on Visualization for Cyber Security, VizSec 2012, pp. 1\u20138. ACM (2012)","DOI":"10.1145\/2379690.2379691"},{"key":"13_CR19","unstructured":"Marmorstein, R.M., Kearns, P.: A tool for automated iptables firewall analysis. In: USENIX Annual Technical Conference, FREENIX Track, pp. 71\u201381 (2005)"},{"key":"13_CR20","unstructured":"Marmorstein, R.M., Kearns, P.: Firewall analysis with policy-based host classification. In: Large Installation System Administration Conference, vol.\u00a06, p. 4. USENIX (December 2006)"},{"key":"13_CR21","unstructured":"Nelson, T., Barratt, C., Dougherty, D.J., Fisler, K., Krishnamurthi, S.: The margrave tool for firewall analysis. In: Large Installation System Administration Conference. USENIX (November 2010)"},{"key":"13_CR22","unstructured":"NetCitadel, Inc.: FirewallBuilder ver. 5.1, http:\/\/www.fwbuilder.org"},{"key":"13_CR23","doi-asserted-by":"crossref","unstructured":"Nipkow, T., Klein, G.: Concrete Semantics. Springer (2014)","DOI":"10.1007\/978-3-319-10542-0"},{"key":"13_CR24","doi-asserted-by":"crossref","unstructured":"Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle\/HOL: A Proof Assistant for Higher-Order Logic. LNCS, vol.\u00a02283. Springer, Heidelberg (2002), http:\/\/isabelle.in.tum.de\/doc\/tutorial.pdf (last updated 2014)","DOI":"10.1007\/3-540-45949-9"},{"key":"13_CR25","doi-asserted-by":"crossref","unstructured":"Pozo, S., Ceballos, R., Gasca, R.M.: CSP-based firewall rule set diagnosis using security policies, pp. 723\u2013729. IEEE (April 2007)","DOI":"10.1109\/ARES.2007.63"},{"key":"13_CR26","unstructured":"Renard, B.: cisco-acl-to-iptables (2013), http:\/\/git.zionetrix.net\/?a=summary&p=cisco-acl-to-iptables (retrieved September 2014)"},{"issue":"4","key":"13_CR27","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1145\/2377677.2377680","volume":"42","author":"J. Sherry","year":"2012","unstructured":"Sherry, J., Hasan, S., Scott, C., Krishnamurthy, A., Ratnasamy, S., Sekar, V.: Making middleboxes someone else\u2019s problem: Network processing as a cloud service. ACM SIGCOMM Computer Communication Review\u00a042(4), 13\u201324 (2012)","journal-title":"ACM SIGCOMM Computer Communication Review"},{"key":"13_CR28","unstructured":"The netfilter.org project: netfilter\/iptables project, http:\/\/www.netfilter.org\/"},{"key":"13_CR29","unstructured":"The netfilter.org project: netfilter\/nftables project, http:\/\/www.netfilter.org\/"},{"key":"13_CR30","unstructured":"Tongaonkar, A., Inamdar, N., Sekar, R.: Inferring higher level policies from firewall rules. In: Large Installation System Administration Conference, vol.\u00a07, pp. 1\u201310. USENIX (2007)"},{"key":"13_CR31","unstructured":"Verizon Business RISK team, United States Secret Service: 2010 data breach investigations report (2010), http:\/\/www.verizonenterprise.com\/resources\/reports\/rp_2010-DBIR-combined-reports_en_xg.pdf"},{"issue":"6","key":"13_CR32","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1109\/MC.2004.2","volume":"37","author":"A. Wool","year":"2004","unstructured":"Wool, A.: A quantitative study of firewall configuration errors. IEEE Computer\u00a037(6), 62\u201367 (2004)","journal-title":"IEEE Computer"},{"key":"13_CR33","unstructured":"Yuan, L., Chen, H., Mai, J., Chuah, C.N., Su, Z., Mohapatra, P.: FIREMAN: a toolkit for firewall modeling and analysis. In: Symposium on Security and Privacy, pp. 199\u2013213. IEEE (May 2006)"},{"key":"13_CR34","doi-asserted-by":"crossref","unstructured":"Zhang, B., Al-Shaer, E., Jagadeesan, R., Riely, J., Pitcher, C.: Specifications of a high-level conflict-free firewall policy language for multi-domain networks. In: Symposium on Access Control Models and Technologies, pp. 185\u2013194. ACM (2007)","DOI":"10.1145\/1266840.1266871"},{"key":"13_CR35","doi-asserted-by":"crossref","unstructured":"Zhang, S., Mahmoud, A., Malik, S., Narain, S.: Verification and synthesis of firewalls using SAT and QBF. In: Network Protocols (ICNP), pp. 1\u20136 (October 2012)","DOI":"10.1109\/ICNP.2012.6459944"}],"container-title":["Lecture Notes in Computer Science","FM 2015: Formal Methods"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-19249-9_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,28]],"date-time":"2025-05-28T02:43:28Z","timestamp":1748400208000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-19249-9_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319192482","9783319192499"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-19249-9_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}