The hol-TestGen environment is conceived as a system for modeling and semi-automated test generation with an emphasis on expressive power and generality. However, its underlying technical framework Isabelle/hol supports the customization as well as the development of highly automated add-ons working in specific application domains.
In this paper, we present hol-TestGen/fw, an add-on for the test framework hol-TestGen, that allows for testing the conformance of firewall implementations to high-level security policies. Based on generic theories specifying a security-policy language, we developed specific theories for network data and firewall policies. On top of these firewall specific theories, we provide mechanisms for policy transformations based on derived rules and adapted code-generators producing test drivers. Our empirical evaluations shows that hol-TestGen/fw is a competitive environment for testing firewalls or high-level policies of local networks.
Keywordssymbolic test case generations black box testing theorem proving network security firewall testing conformance testing
Unable to display preview. Download preview PDF.
- 1.von Bidder, D.: Specification-based firewall testing. Ph.d. thesis, ETH Zurich, ETH Dissertation No. 17172. Diana von Bidder’s maiden name is Diana Senn (2007)Google Scholar
- 2.Brucker, A.D., Brügger, L., Kearney, P., Wolff, B.: Verified firewall policy transformations for test-case generation. In: Third International Conference on Software Testing, Verification, and Validation (ICST) , pp. 345–354. IEEE Computer Society (2010), doi:10.1109/ICST.2010.50Google Scholar
- 3.Brucker, A.D., Brügger, L., Kearney, P., Wolff, B.: An approach to modular and testable security models of real-world health-care applications. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 133–142. ACM Press (2011), doi:10.1145/1998441.1998461Google Scholar
- 4.Brucker, A.D., Brügger, L., Wolff, B.: Formal firewall testing: An exercise in test and proof. Submitted for publication (2013)Google Scholar
- 7.Brucker, A.D., Wolff, B.: On theorem prover-based testing. Formal Aspects of Computing, FAC (2012), doi:10.1007/s00165-012-0222-yGoogle Scholar
- 8.Brügger, L.: A framework for modelling and testing of security policies. Ph.D. thesis, ETH Zurich, ETH Dissertation No. 20513 (2012)Google Scholar
- 9.El-Atawy, A., Ibrahim, K., Hamed, H., Al-Shaer, E.: Policy segmentation for intelligent firewall testing. In: NPSec 2005, pp. 67–72. IEEE Computer Society (2005)Google Scholar
- 10.El-Atawy, A., Samak, T., Wali, Z., Al-Shaer, E., Lin, F., Pham, C., Li, S.: An automated framework for validating firewall policy enforcement. In: POLICY 2007, pp. 151–160. IEEE Computer Society (2007)Google Scholar