Max-Planck-Institut für Informatik
max planck institut
mpii logo Minerva of the Max Planck Society

MPI-INF or MPI-SWS or Local Campus Event Calendar

<< Previous Entry Next Entry >> New Event Entry Edit this Entry Login to DB (to update, delete)
What and Who
Title:A Declarative Language for Network Security
Speaker:Prof. Dr. Riccardo Focardi
coming from:University Ca’ Foscari, Venice
Speakers Bio:Prof. Dr. Riccardo Focardi is an Associate Professor of Computer Science, head of the security team in the ACADIA group. Research interests of Riccardo Focardi include: system and network security, analysis of security APIs and trusted hardware, cryptography, specification and automated verification of security properties. He has published more than 90 research papers on these topics, in international journals and conferences. He holds currently an h-index of 28 (source Google Scholar) with more than 3000 citations. He has been involved into national and European projects on Computer Security and has coordinated the national project SOFT “Security-Oriented Formal Techniques” (Italian Ministry for University and Research, 2009-2011). He has been member of many program committees of international conference: the IEEE Symposium of Security and Privacy (2005), the IEEE Computer Security Foundation Symposium (Program Chair in 2003 and 2004 and General Chair in 2006 and 2007), the International Workshop on Issues in the Theory of Security (Program Chair, 2007) and the International Conference on Principles of Security and Trust (Program co-chair, 2015). Riccardo Focardi has organized the second and third "International Schools on Foundations of Security Analysis and Design" (FOSAD). Since 2016 he is chair of the IFIP Working Group 1.7 "Theoretical Foundations of Security Analysis and Design" and since 2005 he is member of the editorial board of the Journal of Computer Security (IOS Press). He coordinates the PhD program in Computer Science at Ca’Foscari. In 2013 he has co-funded Cryptosense, a spin-off that develops software for security analysis of cryptographic systems. Riccardo Focardi has supervised two European Social Funds contracts on IT infrastructure security.
Event Type:CISPA Distinguished Lecture Series
Visibility:D1, D2, D3, D4, D5, SWS, RG1, MMCI
We use this to send out email in the morning.
Level:Public Audience
Date, Time and Location
Date:Thursday, 20 October 2016
Duration:60 Minutes
Building:E9 1 - CISPA
Room:005, lecture hall
Organizations have big and complicated networks divided into subnets that are usually governed by entirely different security policies. Consequently, network administrators need to configure a fairly big number of firewalls, each enforcing a local security policy on the neighbouring subnets. This approach is time-consuming especially for what concern maintenance: each policy modification might require to modify more than one firewall configuration in non-trivial ways. More importantly, it is hard for administrators to have a high level perception of what security policy is enforced by the composition of all the local firewall configurations.
In this talk we present a new language for expressing network security policies. Networks are represented as graphs and policy rules provide constraints that packets should satisfy while traversing the network. The language can express typical firewall rules at the network level, independently of the actual location of firewalls, and allows administrators to control packets depending on the actual trajectory they follow while traversing the networks. We describe an algorithm to localize the network policy on the actual firewalls and we describe a proof of concept implementation based on the semantic-based firewall configuration tool Mignis.
Name(s):Sabine Nermerich
EMail:--email address not disclosed on the web
Video Broadcast
Video Broadcast:NoTo Location:
Tags, Category, Keywords and additional notes
Attachments, File(s):
Sabine Nermerich/AG4/MPII/DE, 10/10/2016 10:44 AM
Last modified:
Uwe Brahm/MPII/DE, 10/20/2016 07:00 AM
  • Sabine Nermerich, 10/10/2016 10:49 AM -- Created document.