VCSTC: Virtual Cyber Security Testing Capability --- An Application Oriented Paradigm for Network Infrastructure Protection

Authors:
Guoqiang Shu;Dongluo Chen;Zhijun Liu;Na Li;Lifeng Sang;David Lee
Affiliations:
Department of Computer Science and Engineering, the Ohio State University, Columbus, USA OH 43210;Department of Computer Science and Engineering, the Ohio State University, Columbus, USA OH 43210;Department of Computer Science and Engineering, the Ohio State University, Columbus, USA OH 43210;Department of Computer Science and Engineering, the Ohio State University, Columbus, USA OH 43210;Department of Computer Science and Engineering, the Ohio State University, Columbus, USA OH 43210;Department of Computer Science and Engineering, the Ohio State University, Columbus, USA OH 43210
Venue:
TestCom '08 / FATES '08 Proceedings of the 20th IFIP TC 6/WG 6.1 international conference on Testing of Software and Communicating Systems: 8th International Workshop
Year:
2008

Citing 13
Cited 0

Firewall Security: Policies, Testing and Performance Evaluation

COMPSAC '00 24th International Computer Software and Applications Conference
The Honeynet Project: Trapping the Hackers

IEEE Security and Privacy
Fang: A Firewall Analysis Engine

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Simulating realistic network worm traffic for worm warning system design and testing

Proceedings of the 2003 ACM workshop on Rapid malcode
Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security)

Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security)
On state reduction of incompletely specified finite state machines

Computers and Electrical Engineering
Experiences with node virtualization for scalable network emulation

Computer Communications
Architecting the Lumeta firewall analyzer

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A virtual honeypot framework

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Discoverer: automatic protocol reverse engineering from network traces

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Virtual honeypots: from botnet tracking to intrusion detection

Virtual honeypots: from botnet tracking to intrusion detection
Virtualized interoperability testing: application to IPv6 network mobility

DSOM'07 Proceedings of the Distributed systems: operations and management 18th IFIP/IEEE international conference on Managing virtualization of networks and services
Policy segmentation for intelligent firewall testing

NPSEC'05 Proceedings of the First international conference on Secure network protocols

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network security devices are becoming more sophisticated and so are the testing processes. Traditional network testbeds face challenges in terms of fidelity, scalability and complexity of security features. In this paper we propose a new methodology of testing security devices using network virtualization techniques, and present an integrated solution, including network emulation, test case specification and automated test execution. Our hybrid network emulation scheme provides high fidelity by host virtualization and scalability by lightweight protocol stack emulation. We also develop an intermediate level test case description language that is suitable for security tests at various network protocol layers and that can be executed automatically on the emulated network. The methodology presented in this paper has been implemented and integrated into a security infrastructure testing system for US Department of Defense and we report the experimental results.