An Environment for Specification-Based Firewall Conformance Testing
نویسندگان
چکیده
The HOL-TestGen environment is conceived as a system for modeling and semi-automated test generation with an emphasis on expressive power and generality. However, its underlying technical framework Isabelle/HOL supports the customization as well as the development of highly automated add-ons working in specific application domains. In this paper, we present HOL-TestGen/fw, an add-on for the test framework HOL-TestGen, that allows for testing the conformance of firewall implementations to high-level security policies. Based on generic theories specifying a security-policy language, we developed specific theories for network data and firewall policies. On top of these firewall specific theories, we provide mechanisms for policy transformations based on derived rules and adapted code-generators producing test drivers. Our empirical evaluations shows that HOL-TestGen/fw is a competitive environment for testing firewalls or high-level policies of local networks.
منابع مشابه
hol-TestGen/fw - An Environment for Specification-Based Firewall Conformance Testing
The HOL-TestGen environment is conceived as a system for modeling and semi-automated test generation with an emphasis on expressive power and generality. However, its underlying technical framework Isabelle/HOL supports the customization as well as the development of highly automated add-ons working in specific application domains. In this paper, we present HOL-TestGen/fw, an add-on for the tes...
متن کاملFormal firewall conformance testing: an application of test and proof techniques
fo r yo ur pe rs on al us e. N ot fo r re di st rib ut io n. Th e de fin iti ve ve rs io n w as pu bl is he d in So ftw ar e Te st in g, Ve ri fic at io n & Re lia bi lit y (S TV R) ,p p. 1– 40 ,2 01 4. SOFTWARE TESTING, VERIFICATION AND RELIABILITY Softw. Test. Verif. Reliab. 2014; 00:1–40 Published online in Wiley InterScience (www.interscience.wiley.com). DOI: 10.1002/stvr Formal Firewall Co...
متن کاملFirewall Conformance Testing
Test Cases for Mealy AutomataIdea: Ensure that every transition of a specification automatonMspec is correctly implemented in the implementation automatonMimp.For every transition from state si to state sj do:in generalfor TCP1) Bring Mimp to the initial state s1Use RST2) Transfer Mimp to state si3) Test the transitionUse a Test Tree4) Verify that...
متن کاملDecomposability in Input Output Conformance Testing
We study the problem of deriving a specification for a third-party component, based on the specification of the system and the environment in which the component is supposed to reside. Particularly, we are interested in using component specifications for conformance testing of black-box components, using the theory of input-output conformance (ioco) testing. We propose and prove sufficient crit...
متن کاملModel-Based Firewall Conformance Testing
Firewalls are a cornerstone of todays security infrastructure for networks. Their configuration, implementing a firewall policy, is inherently complex, hard to understand, and difficult to validate. We present a substantial case study performed with the model-based testing tool HOL-TestGen. Based on a formal model of firewalls and their policies in higher-order logic (HOL), we first present a d...
متن کامل