Title :
Directed Acyclic Graph Modeling of Security Policies for Firewall Testing
Author :
Tuglular, T. ; Kaya, Ö ; Muftuoglu, Can Arda ; Belli, F.
Author_Institution :
Dept. of Comput. Eng., Izmir Inst. of Technol., Izmir, Turkey
Abstract :
Currently, the network security of institutions depends heavily on firewalls, which are used to separate an untrusted network from a trusted one by enforcing security policies. Security policies used in firewalls are ordered sets of rules, where each rule is represented as a predicate and an action. This paper proposes modeling firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The proposed approach follows the test case generation algorithm developed for event sequence graphs. Under a local area network setup, with the aid of software developed specifically for this purpose, generated test cases are converted to network test packets, the test packets are sent to the firewall under test (FUT), and the sent packets are compared with the passed packets to determine the test result.
Keywords :
authorisation; directed graphs; program testing; directed acyclic graph modeling; firewall testing; model-based validation; model-based verification; network test packets; security policies; test case generation algorithm; Automatic testing; Computer networks; Computer security; Conferences; Decision making; Formal languages; Mathematical model; Protocols; Software testing; Traffic control; Directed Acyclic Graphs; Event Sequence Graphs; Firewall Policies; Firewall Testing; Firewalls; Security Testing;
Conference_Titel :
Secure Software Integration and Reliability Improvement, 2009. SSIRI 2009. Third IEEE International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3758-0
DOI :
10.1109/SSIRI.2009.52