Policy segmentation for intelligent firewall testing

Authors:
Adel El-Atawy;Khaled Ibrahim;Hazem Hamed;Ehab Al-Shaer
Affiliations:
School of Computer Science, Telecommunication and Information Systems, DePaul University, Chicago, Illinois;School of Computer Science, Telecommunication and Information Systems, DePaul University, Chicago, Illinois;School of Computer Science, Telecommunication and Information Systems, DePaul University, Chicago, Illinois;School of Computer Science, Telecommunication and Information Systems, DePaul University, Chicago, Illinois
Venue:
NPSEC'05 Proceedings of the First international conference on Secure network protocols
Year:
2005

Citing 9
Cited 6

Graph-Based Algorithms for Boolean Function Manipulation

IEEE Transactions on Computers
Black-box testing: techniques for functional testing of software and systems

Black-box testing: techniques for functional testing of software and systems
Building Internet firewalls (2nd ed.)

Building Internet firewalls (2nd ed.)
Validation, Verification, and Testing of Computer Software

ACM Computing Surveys (CSUR)
The CERT guide to system and network security practices

The CERT guide to system and network security practices
Specification-Based Testing of Firewalls

PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Architecting the Lumeta firewall analyzer

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Modeling and Management of Firewall Policies

IEEE Transactions on Network and Service Management
Algorithms for packet classification

IEEE Network: The Magazine of Global Internetworking

Vulnerability analysis For evaluating quality of protection of security policies

Proceedings of the 2nd ACM workshop on Quality of protection
PolicyVis: firewall security policy visualization and inspection

LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Model-Based Firewall Conformance Testing

TestCom '08 / FATES '08 Proceedings of the 20th IFIP TC 6/WG 6.1 international conference on Testing of Software and Communicating Systems: 8th International Workshop
VCSTC: Virtual Cyber Security Testing Capability --- An Application Oriented Paradigm for Network Infrastructure Protection

TestCom '08 / FATES '08 Proceedings of the 20th IFIP TC 6/WG 6.1 international conference on Testing of Software and Communicating Systems: 8th International Workshop
Firewall policy verification and troubleshooting

Computer Networks: The International Journal of Computer and Telecommunications Networking
FAME: a firewall anomaly management environment

Proceedings of the 3rd ACM workshop on Assurable and usable security configuration

Quantified Score

Hi-index	0.00

Visualization

Abstract

Firewall development and implementation are constantly being improved to accommodate higher security and performance standards. Using reliable yet practical techniques for testing new packet filtering algorithms and firewall design implementations from a functionality point of view becomes necessary to assure the required security. In this paper, an efficient paradigm for automated testing of firewalls with respect to their internal implementation and security policies is proposed. We propose a novel firewall testing technique using policy-based segmentation of the traffic address space, which can intelligently adapt the test traffic generation to target potential erroneous regions in the firewall input space. We also show that our automated approach of test case generation, analyzing firewall logs and creating testing reports not only makes the problem solvable but also offers a significantly higher degree of confidence than random testing.