Firewall Conformance Testing

  • Diana Senn
  • David Basin
  • Germano Caronni
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3502)


Firewalls are widely used to protect networks from unauthorised access. To ensure that they implement an organisation’s security policy correctly, they need to be tested. We present an approach that addresses this problem. Namely, we show how an organisation’s network security policy can be formally specified in a high-level way, and how this specification can be used to automatically generate test cases to test a deployed system. In contrast to other firewall testing methodologies, such as penetration testing, our approach tests conformance to a specified policy. Our test cases are organisation-specific — i.e. they depend on the security requirements and on the network topology of an organisation — and can uncover errors both in the firewall products themselves and in their configuration.


  1. [BCG+01]
    Burns, J., Cheng, A., Gurung, P., Rajagopalan, S., Rao, P., Rosenbluth, D., Surendran, A.V., Martin, D.M.: Automatic management of network security policy. In: Proceedings of DISCEX II (2001)Google Scholar
  2. [BMNW99]
    Bartal, Y., Mayer, A.J., Nissim, K., Wool, A.: Firmato: A novel firewall management toolkit. In: IEEE Symposium on Security and Privacy, pp. 17–31 (1999)Google Scholar
  3. [BMNW03]
    Bartal, Y., Mayer, A.J., Nissim, K., Wool, A.: Firmato: A novel firewall management toolkit. Technical report, Dept. Electrical Engineering Systems, Tel Aviv University, Ramat Aviv 69978 Israel (February 2003)Google Scholar
  4. [Cho78]
    Chow, T.S.: Testing software design modeled by finite-state machines. IEEE Transactions on Software Engineering SE-4(3), 178–187 (1978)CrossRefMATHGoogle Scholar
  5. [FLYV93]
    Fuller, V., Li, T., Yu, J., Varadhan, K.: RFC 1519: Classless inter-domain routing (CIDR): an address assignment and aggregation strategy (September 1993),
  6. [GG75]
    Goodenough, J.B., Gerhart, S.L.: Toward a theory of test data selection. IEEE Transactions on Software Engineering (TSE) 1(2), 156–173 (1975)MathSciNetCrossRefGoogle Scholar
  7. [Gil61]
    Gill, A.: State-identification experiments in finite automata. Information and Control 4, 132–154 (1961)MathSciNetCrossRefMATHGoogle Scholar
  8. [Gil62]
    Gill, A.: Introduction to the Theory of Finite-state Machines. McGraw-Hill, New York (1962)MATHGoogle Scholar
  9. [Gut97]
    Guttman, J.D.: Filtering postures: Local enforcement for global policies. In: 1997 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 120–129. IEEE Computer Society Press, Los Alamitos (1997)Google Scholar
  10. [Hae97]
    Haeni, R.E.: Firewall penetration testing. Technical report, The George Washington University Cyberspace Policy Institute, 2033 K St, Suite 340N, Washington, DC, 20006, US (January 1997)Google Scholar
  11. [JW01]
    Jürjens, J., Wimmel, G.: Specification based testing: Towards practice. In: Ershov, A. (ed.) PSI 2001. LNCS, vol. 2244, p. 287. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. [MWZ00]
    Mayer, A., Wool, A., Ziskind, E.: Fang: A firewall analysis engine. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy (S&P 2000), May 2000, pp. 177–187 (2000)Google Scholar
  13. [RSC+02]
    Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: RFC 3261 SIP: Session initiation protocol (June 2002),
  14. [Sch96]
    Schultz, E.: How to perform effective firewall testing. Computer Security Journal 12(1), 47–54 (1996)Google Scholar
  15. [SD88]
    Sabnani, K., Dahbura, A.: A protocol test generation procedure. Computer Networks and ISDN Systems 15, 285–297 (1988)CrossRefGoogle Scholar
  16. [Woo01]
    Wool, A.: Architecting the lumeta firewall analyzer. In: Proceedings of the 10th USENIX Security Symposium, August 2001, pp. 85–97 (2001)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Diana Senn
    • 1
  • David Basin
    • 1
  • Germano Caronni
    • 1
  1. 1.ETH ZürichZürichSwitzerland

Personalised recommendations