Formal firewall conformance testing: an application of test and proof techniques. (27th August 2014)
- Record Type:
- Journal Article
- Title:
- Formal firewall conformance testing: an application of test and proof techniques. (27th August 2014)
- Main Title:
- Formal firewall conformance testing: an application of test and proof techniques
- Authors:
- Brucker, Achim D.
Brügger, Lukas
Wolff, Burkhart - Abstract:
- <abstract abstract-type="main" id="stvr1544-abs-0001"> <title>SUMMARY</title> <p id="stvr1544-para-0001">Firewalls are an important means to secure critical <sc>ICT</sc> infrastructures. As configurable off‐the‐shelf products, the effectiveness of a firewall crucially depends on both the correctness of the implementation itself as well as the correct configuration. While testing the implementation can be done once by the manufacturer, the configuration needs to be tested for each application individually. This is particularly challenging as the configuration, implementing a firewall policy, is inherently complex, hard to understand, administrated by different stakeholders and thus difficult to validate. This paper presents a formal model of both stateless and stateful firewalls (packet filters), including <sc>NAT</sc>, to which a specification‐based conformance test case generation approach is applied. Furthermore, a verified optimisation technique for this approach is presented: starting from a formal model for stateless firewalls, a collection of semantics‐preserving policy transformation rules and an algorithm that optimizes the specification with respect of the number of test cases required for path coverage of the model are derived. We extend an existing approach that integrates verification and testing, that is, tests and proofs to support conformance testing of network policies. The presented approach is supported by a test framework that allows to test actual<abstract abstract-type="main" id="stvr1544-abs-0001"> <title>SUMMARY</title> <p id="stvr1544-para-0001">Firewalls are an important means to secure critical <sc>ICT</sc> infrastructures. As configurable off‐the‐shelf products, the effectiveness of a firewall crucially depends on both the correctness of the implementation itself as well as the correct configuration. While testing the implementation can be done once by the manufacturer, the configuration needs to be tested for each application individually. This is particularly challenging as the configuration, implementing a firewall policy, is inherently complex, hard to understand, administrated by different stakeholders and thus difficult to validate. This paper presents a formal model of both stateless and stateful firewalls (packet filters), including <sc>NAT</sc>, to which a specification‐based conformance test case generation approach is applied. Furthermore, a verified optimisation technique for this approach is presented: starting from a formal model for stateless firewalls, a collection of semantics‐preserving policy transformation rules and an algorithm that optimizes the specification with respect of the number of test cases required for path coverage of the model are derived. We extend an existing approach that integrates verification and testing, that is, tests and proofs to support conformance testing of network policies. The presented approach is supported by a test framework that allows to test actual firewalls using the test cases generated on the basis of the formal model. Finally, a report on several larger case studies is presented. Copyright © 2014 John Wiley &amp; Sons, Ltd.</p> </abstract> … (more)
- Is Part Of:
- Software testing, verification & reliability. Volume 25:Number 1(2015:Jan.)
- Journal:
- Software testing, verification & reliability
- Issue:
- Volume 25:Number 1(2015:Jan.)
- Issue Display:
- Volume 25, Issue 1 (2015)
- Year:
- 2015
- Volume:
- 25
- Issue:
- 1
- Issue Sort Value:
- 2015-0025-0001-0000
- Page Start:
- 34
- Page End:
- 71
- Publication Date:
- 2014-08-27
- Subjects:
- Computer software -- Testing -- Periodicals
Computer software -- Verification -- Periodicals
Computer software -- Reliability -- Periodicals
005.14 - Journal URLs:
- http://onlinelibrary.wiley.com/ ↗
- DOI:
- 10.1002/stvr.1544 ↗
- Languages:
- English
- ISSNs:
- 0960-0833
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 8321.457500
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 4354.xml