Blowtorch: a framework for firewall test automation

Authors:
Daniel Hoffman;Kevin Yoo
Affiliations:
University of Victoria, Victoria, BC, Canada;University of Victoria, Victoria, BC, Canada
Venue:
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Year:
2005

Citing 11
Cited 5

Evaluation and testing of internet firewalls

International Journal of Network Management
MicroC/OS-II: the real-time kernel

MicroC/OS-II: the real-time kernel
Computer Networks

Computer Networks
The Combinatorial Design Approach to Automatic Test Generation

IEEE Software
A Test Generation Strategy for Pairwise Testing

IEEE Transactions on Software Engineering
Specification-Based Testing of Firewalls

PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Using attributed grammars to test designs and implementations

ICSE '81 Proceedings of the 5th international conference on Software engineering
Red Hat Linux Firewalls

Red Hat Linux Firewalls
Fang: A Firewall Analysis Engine

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A Quantitative Study of Firewall Configuration Errors

Computer
A framework for malicious workload generation

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement

Firewall policy verification and troubleshooting

Computer Networks: The International Journal of Computer and Telecommunications Networking
Two case studies in grammar-based test generation

Journal of Systems and Software
Firewall policy change-impact analysis

ACM Transactions on Internet Technology (TOIT)
First step towards automatic correction of firewall policy faults

ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Change-impact analysis of firewall policies

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Firewalls play a crucial role in network security. Experience has shown that the development of firewall rule sets is complex and error prone. Rule set errors can be costly, by allowing damaging traffic in or by blocking legitimate traffic and causing essential applications to fail. Consequently, firewall testing is extremely important. Unfortunately, it is also hard and there is little tool support available.Blowtorch is a C++ framework for firewall test generation. The central construct is the packet iterator: an event-driven generator of timestamped packet streams. Blowtorch supports the development of packet iterators with a library for packet header creation and parsing, a transmit scheduler for multiplexing of multiple packet streams, and a receive monitor for demultiplexing of arriving packet streams. The framework provides iterators which generate packet streams using covering arrays, production grammars, and replay of captured TCP traffic. Blowtorch has been used to develop tests for industrial firewalls that are placed between an IT network and a process control network.