{"id":"https://openalex.org/W2988948611","doi":"https://doi.org/10.1145/3338504.3357340","title":"Are All Firewall Systems Equally Powerful?","display_name":"Are All Firewall Systems Equally Powerful?","publication_year":2019,"publication_date":"2019-11-07","ids":{"openalex":"https://openalex.org/W2988948611","doi":"https://doi.org/10.1145/3338504.3357340","mag":"2988948611"},"language":"en","primary_location":{"id":"doi:10.1145/3338504.3357340","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338504.3357340","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082476880","display_name":"Lorenzo Ceragioli","orcid":"https://orcid.org/0000-0002-1288-9623"},"institutions":[{"id":"https://openalex.org/I108290504","display_name":"University of Pisa","ror":"https://ror.org/03ad39j10","country_code":"IT","type":"education","lineage":["https://openalex.org/I108290504"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Lorenzo Ceragioli","raw_affiliation_strings":["Universit\u00e0 di Pisa, Pisa, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 di Pisa, Pisa, Italy","institution_ids":["https://openalex.org/I108290504"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055365661","display_name":"Pierpaolo Degano","orcid":"https://orcid.org/0000-0002-8070-4838"},"institutions":[{"id":"https://openalex.org/I108290504","display_name":"University of Pisa","ror":"https://ror.org/03ad39j10","country_code":"IT","type":"education","lineage":["https://openalex.org/I108290504"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Pierpaolo Degano","raw_affiliation_strings":["Universit\u00e0 di Pisa, Pisa, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 di Pisa, Pisa, Italy","institution_ids":["https://openalex.org/I108290504"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5043354136","display_name":"Letterio Galletta","orcid":"https://orcid.org/0000-0003-0351-9169"},"institutions":[{"id":"https://openalex.org/I127077003","display_name":"IMT School for Advanced Studies Lucca","ror":"https://ror.org/035gh3a49","country_code":"IT","type":"education","lineage":["https://openalex.org/I127077003"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Letterio Galletta","raw_affiliation_strings":["IMT School for Advanced Studies, Lucca, Italy"],"affiliations":[{"raw_affiliation_string":"IMT School for Advanced Studies, Lucca, Italy","institution_ids":["https://openalex.org/I127077003"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5082476880"],"corresponding_institution_ids":["https://openalex.org/I108290504"],"apc_list":null,"apc_paid":null,"fwci":0.4815,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.62848943,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"17"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10138","display_name":"Network Traffic and Congestion Control","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firewall","display_name":"Firewall (physics)","score":0.9042794704437256},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8316758871078491},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.7240621447563171},{"id":"https://openalex.org/keywords/unix","display_name":"Unix","score":0.641929566860199},{"id":"https://openalex.org/keywords/stateful-firewall","display_name":"Stateful firewall","score":0.6292890310287476},{"id":"https://openalex.org/keywords/expressive-power","display_name":"Expressive power","score":0.5002191066741943},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4536546766757965},{"id":"https://openalex.org/keywords/application-firewall","display_name":"Application firewall","score":0.43444210290908813},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3697810173034668},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3503241539001465},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3457198143005371},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.33540165424346924}],"concepts":[{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.9042794704437256},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8316758871078491},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.7240621447563171},{"id":"https://openalex.org/C112968700","wikidata":"https://www.wikidata.org/wiki/Q11368","display_name":"Unix","level":3,"score":0.641929566860199},{"id":"https://openalex.org/C22927095","wikidata":"https://www.wikidata.org/wiki/Q1784206","display_name":"Stateful firewall","level":3,"score":0.6292890310287476},{"id":"https://openalex.org/C195818886","wikidata":"https://www.wikidata.org/wiki/Q5421724","display_name":"Expressive power","level":2,"score":0.5002191066741943},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4536546766757965},{"id":"https://openalex.org/C86444895","wikidata":"https://www.wikidata.org/wiki/Q451816","display_name":"Application firewall","level":4,"score":0.43444210290908813},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3697810173034668},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3503241539001465},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3457198143005371},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.33540165424346924},{"id":"https://openalex.org/C74650414","wikidata":"https://www.wikidata.org/wiki/Q11397","display_name":"Classical mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C183915046","wikidata":"https://www.wikidata.org/wiki/Q1316152","display_name":"Charged black hole","level":4,"score":0.0},{"id":"https://openalex.org/C115304011","wikidata":"https://www.wikidata.org/wiki/Q72755","display_name":"Schwarzschild radius","level":3,"score":0.0},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C124017977","wikidata":"https://www.wikidata.org/wiki/Q11412","display_name":"Gravitation","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3338504.3357340","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338504.3357340","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arpi.unipi.it:11568/1013185","is_oa":false,"landing_page_url":"http://hdl.handle.net/11568/1013185","pdf_url":null,"source":{"id":"https://openalex.org/S4377196265","display_name":"CINECA IRIS Institutial research information system (University of Pisa)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I108290504","host_organization_name":"University of Pisa","host_organization_lineage":["https://openalex.org/I108290504"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/bookPart"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1549053995","https://openalex.org/W2066338533","https://openalex.org/W2081306377","https://openalex.org/W2130210899","https://openalex.org/W2515263835","https://openalex.org/W2781706673","https://openalex.org/W2882265941","https://openalex.org/W2918356435","https://openalex.org/W2988643728"],"related_works":["https://openalex.org/W2009238965","https://openalex.org/W2361515550","https://openalex.org/W2916429898","https://openalex.org/W8359669","https://openalex.org/W2057573940","https://openalex.org/W4363647490","https://openalex.org/W2347324149","https://openalex.org/W2495628081","https://openalex.org/W2583381754","https://openalex.org/W4234975731"],"abstract_inverted_index":{"Firewalls":[0],"are":[1,18,29,43,73,127,151],"a":[2,22,106,154],"fundamental":[3],"tool":[4],"for":[5],"managing":[6],"and":[7,35,49,70,91,124,135,168],"protecting":[8],"computer":[9],"networks.":[10],"They":[11],"not":[12,157],"only":[13],"permit":[14],"specifying":[15],"which":[16,45],"packets":[17,28],"allowed":[19],"to":[20,114],"enter":[21],"network,":[23],"but":[24,156],"also":[25],"how":[26],"these":[27],"modified":[30],"by":[31,111],"translating":[32],"IP":[33],"addresses":[34],"performing":[36],"port":[37],"redirection":[38],"(NAT).":[39],"Many":[40],"firewalls":[41],"systems":[42],"available":[44],"provide":[46],"different":[47],"tools":[48,88],"configuration":[50],"languages.":[51],"In":[52,93],"contrast":[53],"with":[54,165],"the":[55,57,63,79,85,104,137,140,166],"intuition,":[56],"most":[58,86],"widespread":[59],"languages":[60,83],"cannot":[61],"express":[62],"same":[64],"configurations,":[65],"even":[66],"when":[67],"simple":[68],"filtering":[69],"NAT":[71],"transformations":[72],"considered.":[74],"This":[75],"paper":[76],"formally":[77],"investigates":[78],"power":[80],"of":[81,84,99,142],"firewall":[82],"used":[87],"in":[89,153,158],"Unix":[90],"Linux.":[92],"particular,":[94],"we":[95],"introduce":[96],"two":[97],"kinds":[98],"expressivity.":[100],"The":[101,129],"first":[102],"concerns":[103],"ways":[105],"packet":[107],"can":[108],"be":[109],"transformed":[110],"NAT.":[112],"According":[113],"this":[115],"criterion":[116],"iptables":[117,162],"is":[118,132,163,170],"strictly":[119],"more":[120,133,171],"expressive":[121,172],"than":[122,173],"ipfw":[123,169],"pf":[125],"that":[126,148],"equivalent.":[128],"second":[130],"kind":[131],"finer-grained":[134],"considers":[136],"dependencies":[138],"among":[139],"management":[141],"all":[143],"packets.":[144],"Our":[145],"results":[146],"show":[147],"some":[149],"configurations":[150],"expressible":[152],"system,":[155],"another":[159],"one.":[160],"Indeed,":[161],"incomparable":[164],"others,":[167],"pf.":[174]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2026-01-13T01:12:25.745995","created_date":"2025-10-10T00:00:00"}