Title :
Offline Validation of Firewalls
Author :
Windmüller, Stephan
Author_Institution :
Dept. of Program. Syst., Tech. Univ. Dortmund, Dortmund, Germany
Abstract :
This paper introduces a simulation environment for testing firewall configurations without the need for an actual, complex network setup. It assists the user in defining the required rule set based on an existing, informal security concept and in validating the resulting setup virtually. Configurations consisting of network hosts and permitted or not permitted services are modeled using a graphical environment. A framework which supports model-driven development is used to visualize the resulting configuration in a single graph. Existing plug-ins can be used to check single nodes or the whole graph using model checking. Additionally, it is possible to simulate the packet flow and track errors without actually setting up one of the network devices. Test cases may be defined manually, produced by an automatic packet generator or even imported from previously captured, genuine network traffic. Multiple operating systems and firewall products are supported without forcing the user to learn the implementation details between them.
Keywords :
authorisation; formal verification; operating systems (computers); automatic packet generator; firewall configuration testing; graphical environment; informal security; model checking; model-driven development; network traffic; offline validation; operating system; rule set; simulation environment; Electronic mail; Fires; Saturn; Security; Servers; Workstations; XML; Firewall; Model-Checking; Security; Validation;
Conference_Title :
Software Engineering Workshop (SEW), 2011 34th IEEE
Conference_Location :
Limerick
Print_ISBN :
978-1-4673-0245-6
DOI :
10.1109/SEW.2011.11