Formal Firewall Conformance Testing: An Application of Test and Proof Techniques

Abstract : Firewalls are an important means to secure critical ICT infrastructures. As configurable off-the-shelf products, the effectiveness of a firewall crucially depends on both the correctness of the implementation itself as well as the correct configuration. While testing the implementation can be done once by the manufacturer, the configuration needs to be tested for each application individually. This is particularly challenging as the configuration, implementing a firewall policy, is inherently complex, hard to understand, administrated by different stakeholders and, thus, difficult to validate. This paper presents a formal model of both stateless and stateful firewalls (packet filters), including network address translation (NAT), to which a specification-based conformance test case generation approach is applied. Furthermore, a verified optimisation technique for this approach is presented: Starting from a formal model for stateless firewalls, a collection of semantics-preserving policy transformation rules and an algorithm that optimises the specification with respect of the number of test cases required for path coverage of the model are derived. We extend an existing approach that integrates verification and testing, i. e., tests and proofs to support conformance testing of network policies. The presented approach is supported by a test framework that allows to test actual firewalls using the test cases generated based on the formal model. Finally, a report on several larger case studies is presented.
Type de document :
Article dans une revue
Journal of Software Testing, Verification, and Reliability, John Wiley & Sons, 2015, 25 (1), pp.34-71. 〈http://onlinelibrary.wiley.com/doi/10.1002/stvr.1544/abstract〉. 〈10.1002/stvr.1544〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01213717
Contributeur : Burkhart Wolff <>
Soumis le : jeudi 8 octobre 2015 - 19:30:03
Dernière modification le : mardi 24 avril 2018 - 13:36:16

Lien texte intégral

Identifiants

Citation

Achim D. Brucker, Brügger Lukas, Burkhart Wolff. Formal Firewall Conformance Testing: An Application of Test and Proof Techniques. Journal of Software Testing, Verification, and Reliability, John Wiley & Sons, 2015, 25 (1), pp.34-71. 〈http://onlinelibrary.wiley.com/doi/10.1002/stvr.1544/abstract〉. 〈10.1002/stvr.1544〉. 〈hal-01213717〉

Partager

Métriques

Consultations de la notice

138