@InProceedings{ bidder.ea:midpoints:2007, abstract = {Today's protocol specifications only define the behaviour of principals representing communication endpoints. But in addition to endpoints, networks contain midpoints, which are machines that observe or filter traffic between endpoints. In this paper, we explain why midpoints should handle protocols differently from endpoints and thus midpoint specifications are needed. With a case study, using the TCP protocol and three different firewalls as midpoints, we illustrate the consequences of the current lack of protocol specifications for midpoints, namely that the same protocol is implemented differently by the different firewalls. We then propose a solution to the problem: We give an algorithm that generates a midpoint automaton from specifications of endpoint automata. We prove that the resulting midpoint automata are correct in that they forward only those messages that could have resulted from protocol-conform endpoints. Finally, we illustrate the algorithm on the TCP protocol.}, author = {Diana von Bidder and David Basin and Germano Caronni}, booktitle = {ACNS 2007}, copyright = {Springer}, editor = {J. Katz and M. Yung}, language = {UKenglish}, pages = {46--64}, pdf = {papers/2007/0_acns2007.pdf}, publisher = {Springer-Verlag}, series = {LNCS}, title = {Midpoints versus Endpoints: From Protocols to Firewalls}, volume = 4521, year = 2007, user = {dsenn} }