DocumentCode
2322564
Title
Directed Acyclic Graph Modeling of Security Policies for Firewall Testing
Author
Tuglular, T. ; Kaya, Ö ; Muftuoglu, Can Arda ; Belli, F.
Author_Institution
Dept. of Comput. Eng., Izmir Inst. of Technol., Izmir, Turkey
fYear
2009
fDate
8-10 July 2009
Firstpage
393
Lastpage
398
Abstract
Currently, the network security of institutions depends heavily on firewalls, which are used to separate untrusted networks from trusted ones by enforcing security policies. Security policies used in firewalls are ordered sets of rules, where each rule is represented as a predicate and an action. This paper proposes modeling firewall rules via directed acyclic graphs (DAGs), from which test cases can be automatically generated for firewall testing. The proposed approach follows the test case generation algorithm developed for event sequence graphs. In a local area network setup, with the aid of software developed specifically for this purpose, generated test cases are converted to network test packets, the test packets are sent to the firewall under test (FUT), and the sent packets are compared with the passed packets to determine the test result.
Keywords
authorisation; directed graphs; program testing; directed acyclic graph modeling; firewall testing; model-based validation; model-based verification; network test packets; security policies; test case generation algorithm; Automatic testing; Computer networks; Computer security; Conferences; Decision making; Formal languages; Mathematical model; Protocols; Software testing; Traffic control; Directed Acyclic Graphs; Event Sequence Graphs; Firewall Policies; Firewall Testing; Firewalls; Security Testing;
fLanguage
English
Publisher
ieee
Conference_Titel
Secure Software Integration and Reliability Improvement, 2009. SSIRI 2009. Third IEEE International Conference on
Conference_Location
Shanghai
Print_ISBN
978-0-7695-3758-0
Type
conf
DOI
10.1109/SSIRI.2009.52
Filename
5325343