{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T11:39:23Z","timestamp":1761824363301,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,4,14]],"date-time":"2022-04-14T00:00:00Z","timestamp":1649894400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100006602","name":"Air Force Research Laboratory","doi-asserted-by":"publisher","award":["FA8750-19-C-0082"],"award-info":[{"award-number":["FA8750-19-C-0082"]}],"id":[{"id":"10.13039\/100006602","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["2112471"],"award-info":[{"award-number":["2112471"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,4,14]]},"DOI":"10.1145\/3508398.3511499","type":"proceedings-article","created":{"date-parts":[[2022,4,16]],"date-time":"2022-04-16T04:13:31Z","timestamp":1650082411000},"page":"167-178","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["NEUTRON: A Graph-based Pipeline for Zero-trust Network Architectures"],"prefix":"10.1145","author":[{"given":"Charalampos","family":"Katsis","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Fabrizio","family":"Cicala","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Dan","family":"Thomsen","sequence":"additional","affiliation":[{"name":"SIFT, LLC, Minneapolis, MN, USA"}]},{"given":"Nathan","family":"Ringo","sequence":"additional","affiliation":[{"name":"SIFT, LLC, Minneapolis, MN, USA"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,4,15]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-007-0045-7"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2007.34"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00015"},{"key":"e_1_3_2_2_4_1","volume-title":"Ethane: Taking control of the enterprise. ACM SIGCOMM computer communication review","author":"Casado Martin","year":"2007","unstructured":"Martin Casado , Michael J Freedman , Justin Pettit , Jianying Luo , Nick McKeown , and Scott Shenker . 2007 . Ethane: Taking control of the enterprise. ACM SIGCOMM computer communication review , Vol. 37 , 4 (2007), 1--12. Martin Casado, Michael J Freedman, Justin Pettit, Jianying Luo, Nick McKeown, and Scott Shenker. 2007. Ethane: Taking control of the enterprise. ACM SIGCOMM computer communication review , Vol. 37, 4 (2007), 1--12."},{"key":"e_1_3_2_2_5_1","unstructured":"Cisco. [n.d.]. Cisco Catalyst 9400 Series Switches . https:\/\/www.cisco.com\/c\/en\/us\/products\/switches\/catalyst-9400-series-switches\/index.html# benefits  Cisco. [n.d.]. Cisco Catalyst 9400 Series Switches . https:\/\/www.cisco.com\/c\/en\/us\/products\/switches\/catalyst-9400-series-switches\/index.html# benefits"},{"key":"e_1_3_2_2_6_1","unstructured":"The Netfilter core team. [n.d.]. The netfilter.org \"iptables\" project . https:\/\/www.netfilter.org\/projects\/iptables\/index.html  The Netfilter core team. [n.d.]. The netfilter.org \"iptables\" project . https:\/\/www.netfilter.org\/projects\/iptables\/index.html"},{"key":"e_1_3_2_2_7_1","volume-title":"Misconfiguration management of network security components. arXiv preprint arXiv:1912.07283","author":"Cuppens Fr\u00e9d\u00e9ric","year":"2019","unstructured":"Fr\u00e9d\u00e9ric Cuppens , Nora Cuppens-Boulahia , and Joaquin Garcia-Alfaro . 2019. Misconfiguration management of network security components. arXiv preprint arXiv:1912.07283 ( 2019 ). Fr\u00e9d\u00e9ric Cuppens, Nora Cuppens-Boulahia, and Joaquin Garcia-Alfaro. 2019. Misconfiguration management of network security components. arXiv preprint arXiv:1912.07283 (2019)."},{"key":"e_1_3_2_2_8_1","volume-title":"IFIP World Computer Congress, TC 1. Springer, 203--218","author":"Cuppens Fr\u00e9d\u00e9ric","year":"2004","unstructured":"Fr\u00e9d\u00e9ric Cuppens , Nora Cuppens-Boulahia , Thierry Sans , and Alexandre Mi\u00e8ge . 2004 . A formal approach to specify and deploy a network security policy . In IFIP World Computer Congress, TC 1. Springer, 203--218 . Fr\u00e9d\u00e9ric Cuppens, Nora Cuppens-Boulahia, Thierry Sans, and Alexandre Mi\u00e8ge. 2004. A formal approach to specify and deploy a network security policy. In IFIP World Computer Congress, TC 1. Springer, 203--218."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062502"},{"volume-title":"Data Privacy Management and Autonomous Spontaneous Security","author":"Garcia-Alfaro Joaquin","key":"e_1_3_2_2_12_1","unstructured":"Joaquin Garcia-Alfaro , Fr\u00e9d\u00e9ric Cuppens , Nora Cuppens-Boulahia , and Stere Preda . 2010. MIRAGE: a management tool for the analysis and deployment of network security policies . In Data Privacy Management and Autonomous Spontaneous Security . Springer , 203--215. Joaquin Garcia-Alfaro, Fr\u00e9d\u00e9ric Cuppens, Nora Cuppens-Boulahia, and Stere Preda. 2010. MIRAGE: a management tool for the analysis and deployment of network security policies. In Data Privacy Management and Autonomous Spontaneous Security. Springer, 203--215."},{"key":"e_1_3_2_2_13_1","volume-title":"Expressing and enforcing flow-based network security policies","author":"Hinrichs Timothy","year":"2008","unstructured":"Timothy Hinrichs , Natasha Gude , Martin Casado , John Mitchell , and Scott Shenker . 2008. Expressing and enforcing flow-based network security policies . University of Chicago , Tech. Rep , Vol. 9 ( 2008 ). Timothy Hinrichs, Natasha Gude, Martin Casado, John Mitchell, and Scott Shenker. 2008. Expressing and enforcing flow-based network security policies. University of Chicago, Tech. Rep , Vol. 9 (2008)."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3450569.3463558"},{"key":"e_1_3_2_2_15_1","volume-title":"Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI 13)","author":"Kazemian Peyman","year":"2013","unstructured":"Peyman Kazemian , Michael Chang , Hongyi Zeng , George Varghese , Nick McKeown , and Scott Whyte . 2013 . Real time network policy checking using header space analysis . In Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI 13) . 99--111. Peyman Kazemian, Michael Chang, Hongyi Zeng, George Varghese, Nick McKeown, and Scott Whyte. 2013. Real time network policy checking using header space analysis. In Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI 13) . 99--111."},{"key":"e_1_3_2_2_16_1","volume-title":"Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12)","author":"Kazemian Peyman","year":"2012","unstructured":"Peyman Kazemian , George Varghese , and Nick McKeown . 2012 . Header space analysis: Static checking for networks . In Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12) . 113--126. Peyman Kazemian, George Varghese, and Nick McKeown. 2012. Header space analysis: Static checking for networks. In Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12) . 113--126."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSCloud\/EdgeCom.2019.00-10"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36388-2_6"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043164.2018470"},{"key":"e_1_3_2_2_20_1","unstructured":"Ralph Merkle. 1979. Merkle tree patent.  Ralph Merkle. 1979. Merkle tree patent."},{"key":"e_1_3_2_2_21_1","volume-title":"Proceedings of the Conference on the theory and application of cryptographic techniques . Springer, 369--378","author":"Merkle Ralph C","year":"1987","unstructured":"Ralph C Merkle . 1987 . A digital signature based on a conventional encryption function . In Proceedings of the Conference on the theory and application of cryptographic techniques . Springer, 369--378 . Ralph C Merkle. 1987. A digital signature based on a conventional encryption function. In Proceedings of the Conference on the theory and application of cryptographic techniques . Springer, 369--378."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1592681.1592684"},{"key":"e_1_3_2_2_23_1","volume-title":"Proceedings of the 24th Large Installation System Administration Conference (LISA 10)","author":"Nelson Timothy","year":"2010","unstructured":"Timothy Nelson , Christopher Barratt , Daniel J Dougherty , Kathi Fisler , and Shriram Krishnamurthi . 2010 . The margrave tool for firewall analysis . In Proceedings of the 24th Large Installation System Administration Conference (LISA 10) . Timothy Nelson, Christopher Barratt, Daniel J Dougherty, Kathi Fisler, and Shriram Krishnamurthi. 2010. The margrave tool for firewall analysis. In Proceedings of the 24th Large Installation System Administration Conference (LISA 10) ."},{"key":"e_1_3_2_2_24_1","unstructured":"OpenBSD. [n.d.] a. ftp-proxy - Internet File Transfer Protocol proxy daemon . https:\/\/man.openbsd.org\/ftp-proxy  OpenBSD. [n.d.] a. ftp-proxy - Internet File Transfer Protocol proxy daemon . https:\/\/man.openbsd.org\/ftp-proxy"},{"key":"e_1_3_2_2_25_1","unstructured":"OpenBSD. [n.d.] b. PF - Issues with FTP . https:\/\/man.openbsd.org\/pf  OpenBSD. [n.d.] b. PF - Issues with FTP . https:\/\/man.openbsd.org\/pf"},{"key":"e_1_3_2_2_26_1","unstructured":"OpenBSD. [n.d.] c. PF Manual Page . https:\/\/man.openbsd.org\/pf  OpenBSD. [n.d.] c. PF Manual Page . https:\/\/man.openbsd.org\/pf"},{"key":"e_1_3_2_2_27_1","volume-title":"Proceedings of the 14th USENIX symposium on networked systems design and implementation (NSDI 17)","author":"Panda Aurojit","year":"2017","unstructured":"Aurojit Panda , Ori Lahav , Katerina Argyraki , Mooly Sagiv , and Scott Shenker . 2017 . Verifying reachability in networks with mutable datapaths . In Proceedings of the 14th USENIX symposium on networked systems design and implementation (NSDI 17) . 699--718. Aurojit Panda, Ori Lahav, Katerina Argyraki, Mooly Sagiv, and Scott Shenker. 2017. Verifying reachability in networks with mutable datapaths. In Proceedings of the 14th USENIX symposium on networked systems design and implementation (NSDI 17) . 699--718."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/344287.344301"},{"key":"e_1_3_2_2_30_1","series-title":"SIAM journal on computing","volume-title":"Depth-first search and linear graph algorithms","author":"Tarjan Robert","year":"1972","unstructured":"Robert Tarjan . 1972. Depth-first search and linear graph algorithms . SIAM journal on computing , Vol. 1 , 2 ( 1972 ), 146--160. Robert Tarjan. 1972. Depth-first search and linear graph algorithms. SIAM journal on computing , Vol. 1, 2 (1972), 146--160."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/DEXA.2007.146"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1943513.1943543"}],"event":{"name":"CODASPY '22: Twelveth ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Baltimore MD USA","acronym":"CODASPY '22"},"container-title":["Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511499","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3508398.3511499","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3508398.3511499","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:37Z","timestamp":1750182577000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511499"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,14]]},"references-count":31,"alternative-id":["10.1145\/3508398.3511499","10.1145\/3508398"],"URL":"https:\/\/doi.org\/10.1145\/3508398.3511499","relation":{},"subject":[],"published":{"date-parts":[[2022,4,14]]},"assertion":[{"value":"2022-04-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}