DocumentCode :
2408517
Title :
Policy segmentation for intelligent firewall testing
Author :
El-Atawy, Adel ; Ibrahim, Khaled ; Hamed, Hazem ; Al-Shaer, Ehab
Author_Institution :
Sch. of Comput. Sci., Telecommun., & Inf. Syst., DePaul Univ., Chicago, IL, USA
fYear :
2005
fDate :
6 Nov. 2005
Firstpage :
67
Lastpage :
72
Abstract :
Firewall development and implementation are constantly being improved to accommodate higher security and performance standards. Using reliable yet practical techniques for testing new packet filtering algorithms and firewall design implementations from a functionality point of view becomes necessary to assure the required security. In this paper, an efficient paradigm for automated testing of firewalls with respect to their internal implementation and security policies is proposed. We propose a novel firewall testing technique using policy-based segmentation of the traffic address space, which can intelligently adapt the test traffic generation to target potential erroneous regions in the firewall input space. We also show that our automated approach of test case generation, analyzing firewall logs and creating testing reports not only makes the problem solvable but also offers a significantly higher degree of confidence than random testing.
Keywords :
computer networks; intelligent networks; telecommunication security; telecommunication traffic; intelligent firewall testing; network security; network traffic; packet filtering algorithms; policy segmentation; Algorithm design and analysis; Automatic testing; Computer science; Computer security; Filtering algorithms; Information security; Information systems; Standards development; Telecommunication standards; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Secure Network Protocols, 2005. (NPSec). 1st IEEE ICNP Workshop on
Print_ISBN :
0-7803-9427-5
Type :
conf
DOI :
10.1109/NPSEC.2005.1532056
Filename :
1532056