Model-Based Testing of SDN Firewalls: A Case Study

In Software defined networking (SDN), security mechanisms such as firewalls need to deal with dynamic network environments. This raises challenges for quality assurance of these security mechanisms. This paper presents a case study on model-based testing of SDN firewall programs. The subject program is the firewall module of Floodlight, one of the most popular SDN platforms in Java. We model the expected firewall behavior with function nets, a modeling formalism in the MISTA tool. The test code is generated automatically by MISTA. The result of our case study shows that the generated model-based tests have achieved much higher mutation coverage than the existing Junit tests in the Floodlight firewall program. This indicates that model-based testing can be a viable option for quality assurance of SDN-based firewall programs.