Skip to Main content Skip to Navigation
Journal articles

Formal Firewall Conformance Testing: An Application of Test and Proof Techniques

Abstract : Firewalls are an important means to secure critical ICT infrastructures. As configurable off-the-shelf products, the effectiveness of a firewall crucially depends on both the correctness of the implementation itself as well as the correct configuration. While testing the implementation can be done once by the manufacturer, the configuration needs to be tested for each application individually. This is particularly challenging as the configuration, implementing a firewall policy, is inherently complex, hard to understand, administrated by different stakeholders and, thus, difficult to validate. This paper presents a formal model of both stateless and stateful firewalls (packet filters), including network address translation (NAT), to which a specification-based conformance test case generation approach is applied. Furthermore, a verified optimisation technique for this approach is presented: Starting from a formal model for stateless firewalls, a collection of semantics-preserving policy transformation rules and an algorithm that optimises the specification with respect of the number of test cases required for path coverage of the model are derived. We extend an existing approach that integrates verification and testing, i. e., tests and proofs to support conformance testing of network policies. The presented approach is supported by a test framework that allows to test actual firewalls using the test cases generated based on the formal model. Finally, a report on several larger case studies is presented.
Document type :
Journal articles
Complete list of metadata
Contributor : Burkhart Wolff <>
Submitted on : Thursday, October 8, 2015 - 7:30:03 PM
Last modification on : Thursday, May 27, 2021 - 1:54:05 PM

Links full text



Achim D. Brucker, Brügger Lukas, Burkhart Wolff. Formal Firewall Conformance Testing: An Application of Test and Proof Techniques. Journal of Software Testing, Verification, and Reliability, John Wiley & Sons, 2015, 25 (1), pp.34-71. ⟨10.1002/stvr.1544⟩. ⟨hal-01213717⟩



Record views