An Automated Framework for Validating Firewall Policy Enforcement

Authors: Adel El-Atawy, Taghrid Samak, Zein Wali, Ehab Al-Shaer, Frank Lin

DOI: 10.1109/POLICY.2007.5

Keywords:

Abstract: The implementation of network security devices such as firewalls and IDSs is constantly being improved to accommodate higher performance standards. Using reliable yet practical techniques for testing the functionality of a firewall, particularly after a new filtering implementation or optimization, becomes necessary to assure the required security. Generating random traffic to test matching is inefficient and inaccurate, as it requires an exponential number of test cases for a reasonable coverage. In addition, in most cases the policies used during testing are limited to manually generated ones representing fixed policy profiles. In this paper, we present a framework for automatic testing of firewall policy enforcement using efficient policy and traffic generation techniques. Ours is a two-stage architecture that provides satisfying coverage of the firewall's operational states. A large variety of policies is generated randomly according to custom profiles and also based on the grammar of the access control list. Testing packets are then generated intelligently, in proportion to the critical regions of the policies, to validate the enforcement of those policies. We describe our implementation for Cisco IOS, which includes policy and test generation, capturing and analyzing the firewall output, and creating detailed reports. Our evaluation results show that automated testing is not only achievable but also offers a dramatically higher degree of confidence than manual testing.
