Specification-Based Testing of Firewalls
PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Firewalls are widely used to protect networks from unauthorised access. To ensure that they implement an organisation’s security policy correctly, they need to be tested. We present an approach that addresses this problem. Namely, we show how an organisation’s network security policy can be formally specified in a high-level way, and how this specification can be used to automatically generate test cases to test a deployed system. In contrast to other firewall testing methodologies, such as penetration testing, our approach tests conformance to a specified policy. Our test cases are organisation-specific — i.e. they depend on the security requirements and on the network topology of an organisation — and can uncover errors both in the firewall products themselves and in their configuration.