2016-10-20 02.00 pm s.t.
Riccardo Focardi University Ca’ Foscari, Venice
CISPA 0.05

A Declarative Language for Network Security

Building: E9 1 (CISPA), Room 0.05, Lecture hall


Organizations have big and complicated networks divided into subnets that are usually governed by entirely different security policies. Consequently, network administrators need to configure a fairly large number of firewalls, each enforcing a local security policy on the neighbouring subnets. This approach is time-consuming, especially with regard to maintenance: each policy modification might require modifying more than one firewall configuration in non-trivial ways. More importantly, it is hard for administrators to have a high-level perception of what security policy is enforced by the composition of all the local firewall configurations.

In this talk we present a new language for expressing network security policies. Networks are represented as graphs and policy rules provide constraints that packets should satisfy while traversing the network. The language can express typical firewall rules at the network level, independently of the actual location of firewalls, and allows administrators to control packets depending on the actual trajectory they follow while traversing the networks. We describe an algorithm to localize the network policy on the actual firewalls and we describe a proof of concept implementation based on the semantic-based firewall configuration tool Mignis.


Prof. Dr. Riccardo Focardi is an Associate Professor of Computer Science and head of the security team in the ACADIA group. His research interests include system and network security, analysis of security APIs and trusted hardware, cryptography, and the specification and automated verification of security properties. He has published more than 90 research papers on these topics in international journals and conferences. He currently holds an h-index of 28 (source: Google Scholar) with more than 3000 citations. He has been involved in national and European projects on computer security and has coordinated the national project SOFT “Security-Oriented Formal Techniques” (Italian Ministry for University and Research, 2009-2011). He has been a member of many program committees of international conferences: the IEEE Symposium on Security and Privacy (2005), the IEEE Computer Security Foundations Symposium (Program Chair in 2003 and 2004 and General Chair in 2006 and 2007), the International Workshop on Issues in the Theory of Security (Program Chair, 2007) and the International Conference on Principles of Security and Trust (Program co-chair, 2015). Riccardo Focardi has organized the second and third “International Schools on Foundations of Security Analysis and Design” (FOSAD). Since 2016 he has been chair of the IFIP Working Group 1.7 “Theoretical Foundations of Security Analysis and Design” and since 2005 he has been a member of the editorial board of the Journal of Computer Security (IOS Press). He coordinates the PhD program in Computer Science at Ca’ Foscari. In 2013 he co-founded Cryptosense, a spin-off that develops software for security analysis of cryptographic systems. Riccardo Focardi has supervised two European Social Funds contracts on IT infrastructure security.