Firewalls are a cornerstone of today's security infrastructure for networks. Their configuration, implementing a firewall policy, is inherently complex, hard to understand, and difficult to validate.

We present a substantial case study performed with the model-based testing tool HOL-TestGen. Based on a formal model of firewalls and their policies in higher-order logic (HOL), we first present a derived theory for simplifying policies. We discuss different test plans for test specifications. Finally, we show how to integrate these issues into a domain-specific firewall testing tool, HOL-TestGen/FW.


Security Testing, Model-based Testing, Firewall, Conformance Testing



Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Achim D. Brucker (1)
  • Lukas Brügger (2)
  • Burkhart Wolff (3)

  1. SAP Research, Karlsruhe, Germany
  2. Information Security, ETH Zurich, Zurich, Switzerland
  3. Universität des Saarlandes, Saarbrücken, Germany
