Model-Based Firewall Conformance Testing

Authors:
Achim D. Brucker;Lukas Brügger;Burkhart Wolff
Affiliations:
SAP Research, Karlsruhe, Germany 76131;Information Security, ETH Zurich, Zurich, Switzerland 8092;Universität des Saarlandes, Saarbrücken, Germany 66041
Venue:
TestCom '08 / FATES '08 Proceedings of the 20th IFIP TC 6/WG 6.1 international conference on Testing of Software and Communicating Systems: 8th International Workshop
Year:
2008

Citing 9
Cited 3

Introduction to Mathematical Logic and Type Theory: To Truth through Proof

Introduction to Mathematical Logic and Type Theory: To Truth through Proof
Specification-Based Testing of Firewalls

PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Engineering with logic: HOL specification and symbolic-evaluation testing for TCP implementations

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An Automated Framework for Validating Firewall Policy Enforcement

POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Firewall analysis with policy-based host classification

LISA '06 Proceedings of the 20th conference on Large Installation System Administration
Test-sequence generation with Hol-TestGen with an application to firewall testing

TAP'07 Proceedings of the 1st international conference on Tests and proofs
Policy segmentation for intelligent firewall testing

NPSEC'05 Proceedings of the First international conference on Secure network protocols
Symbolic test case generation for primitive recursive functions

FATES'04 Proceedings of the 4th international conference on Formal Approaches to Software Testing
Firewall conformance testing

TestCom'05 Proceedings of the 17th IFIP TC6/WG 6.1 international conference on Testing of Communicating Systems

hol-TestGen

FASE '09 Proceedings of the 12th International Conference on Fundamental Approaches to Software Engineering: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Security mutants for property-based testing

TAP'11 Proceedings of the 5th international conference on Tests and proofs
Constructing mid-points for two-party asynchronous protocols

OPODIS'11 Proceedings of the 15th international conference on Principles of Distributed Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Firewalls are a cornerstone of todays security infrastructure for networks. Their configuration, implementing a firewall policy, is inherently complex, hard to understand, and difficult to validate.We present a substantial case study performed with the model-based testing tool TestGen. Based on a formal model of firewalls and their policies in higher-order logic hol, we first present a derived theory for simplifying policies. We discuss different test plans for test specifications. Finally, we show how to integrate these issues to a domain-specific firewall testing tool holTestGen/fw.