@misc{LorenzKiekhebenSchnor2017,
  author    = {Lorenz, Claas and Kiekheben, Sebastian and Schnor, Bettina},
  title     = {FaVe: Modeling IPv6 firewalls for fast formal verification},
  series = {International Conference on Networked Systems (NetSys) 2017},
  journal   = {International Conference on Networked Systems (NetSys) 2017},
  publisher = {IEEE},
  address   = {New York},
  doi       = {10.1109/NetSys.2017.7903956},
  pages     = {8},
  year      = {2017},
  abstract  = {As virtualization drives the automation of networking, the validation of security properties becomes more and more challenging eventually ruling out manual inspections. While formal verification in Software Defined Networks is provided by comprehensive tools with high speed reverification capabilities like NetPlumber for instance, the presence of middlebox functionality like firewalls is not considered. Also, they lack the ability to handle dynamic protocol elements like IPv6 extension header chains. In this work, we provide suitable modeling abstractions to enable both - the inclusion of firewalls and dynamic protocol elements. We exemplarily model the Linux ip6tables/netfilter packet filter and also provide abstractions for an application layer gateway. Finally, we present a prototype of our formal verification system FaVe.},
  language  = {en}
}