Abstract
This paper concentrates on one technological aspect of providing communications security, firewall technology. It introduces a formalism called Hierarchical Colored Petri Nets (HCPN) in tutorial style. The main contribution of the paper is a description of how to model fire-
wall systems using Hierarchical Colored Petri Nets. A byproduct of this approach is a novel way of modeling audit streams in distributed systems. HCPNs are well suited for modeling concurrent, distributed systems in which regulated flows of information are significant, such as firewall systems which enforce access control policies on network packets. The paper introduces the basics of this modeling technique. It demonstrates with several examples how firewalls can be modeled. It outlines how simulations of such models can facilitate testing, performance analysis, and interactive design exploration. Finally, the approach can
serve as the basis for formal analysis techniques available through Applied Petri Net Theory.