Specification-Based Testing of Firewalls

Jürjens, Jan; Wimmel, Guido

doi:10.1007/3-540-45575-2_31

Jan Jürjens⁷ &
Guido Wimmel⁸

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2244))

Included in the following conference series:

International Andrei Ershov Memorial Conference on Perspectives of System Informatics

398 Accesses
21 Citations

Abstract

Firewalls protect hosts in a corporate network from attacks. Together with the surrounding network infrastructure, they form a complex system, the security of which relies crucially on the correctness of the firewalls. We propose a method for specification-based testing of firewalls. It enables to formally model the firewalls and the surrounding network and to mechanically derive test-cases checking the firewalls for vulnerabilities. We use a general CASE-tool which makes our method fiexible and easy to use.

This work was partially supported by the Studienstiftung des deutschen Volkes, and by the German Ministry of Economics within the FairPay project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

M. Abadi and Jan Jürjens. Formal eavesdropping and its computational interpretation. In Theoretical Aspects of Computer Software (TACS’01), LNCS. Springer, 2001.
Google Scholar
S. Bellovin. Security problems in the TCP/IP protocol suite. Computer Communication Review, 19(2):32–48, 1989.
Article Google Scholar
Y. Bartal, A. Mayer, K. Nissim, and A. Wool. Firmato: A novel firewall management toolkit. In Security and Privacy, 1999.
Google Scholar
W. Cheswick and S. Bellovin. Firewalls and Internet Security: repelling the wily hacker. Addison-Wesley, 1994.
Google Scholar
M. Freiss. Protecting Networks with SATAN. O’Reilly, 1998.
Google Scholar
J. Guttman. Filtering postures: Local enforcement for global policies. In IEEE Symposium on Security and Privacy, 1997.
Google Scholar
J. Guttman. Security goals: Packet trajectories and strand spaces. In R. Gorrieri and R. Focardi, editors, Foundations of Security Analysis and Design, LNCS. Springer, 2001. Forthcoming.
Google Scholar
F. Huber, S. Molterer, A. Rausch, B. Schätz, M. Sihling, and O. Slotosch. Tool supported Specification and Simulation of Distributed Systems. In International Symposium on Software Engineering for Parallel and Distributed Systems, pages 155–164, 1998.
Google Scholar
F. Huber, S. Molterer, B. Schätz, O. Slotosch, and A. Vilbig. Trafic Lights-An AutoFocus Case Study. In 1998 International Conference on Application of Concurrency to System Design, pages 282–294. IEEE Computer Society, 1998.
Google Scholar
Jan Jürjens. Composability of secrecy. In International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS 2001), volume 2052 of LNCS, pages 28–38. Springer, 2001.
Google Scholar
Jan Jürjens. Secrecy-preserving refinement. In Formal Methods Europe (International Symposium), volume 2021 of LNCS, pages 135–152. Springer, 2001.
Google Scholar
H. Lötzbeyer and A. Pretschner. Testing concurrent reactive systems with constraint logic programming. In 2nd Workshop on Rule-Based Constraint Reasoning and Programming, Singapore, 2000.
Google Scholar
A. Mayer, A. Wool, and E. Ziskind. Fang: A firewall analysis engine. In IEEE Symposium on Security and Privacy, 2000.
Google Scholar
R. Ritchey and P. Ammann. Using model checking to analyze network vulnerabilities. In IEEE Symposium on Security and Privacy, 2000.
Google Scholar
C. Schuba. On the Modeling, Design, and Implementation of Firewall Technology. PhD thesis, CERIAS, Purdue, 1997.
Google Scholar
G. Wimmel. Specification Based Determination of Test Sequences in Embedded Systems. Master’s thesis, Technische Universität München, 2000.
Google Scholar
G. Wimmel, H. Lötzbeyer, A. Pretschner, and O. Slotosch. Specification Based Test Sequence Generation with Propositional Logic. Journal on Software Testing Verification and Reliability, 10, 2000.
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science, Munich University of Technology, 80290, München, TU München, Germany
Jan Jürjens
Computing Laboratory, University of Oxford, Wolfson Building, Parks Road, OX1 3QD, Oxford, Great Britain
Guido Wimmel

Authors

Jan Jürjens
View author publications
You can also search for this author in PubMed Google Scholar
Guido Wimmel
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Informatics and Mathematical Modelling, Technical University of Denmark, Bldg.322, 106-108, Richard Petersens Plads, 2800, Lyngby, Denmark
Dines Bjørner
Computer Science Department, Technical University of Munich, Arcisstr.21, 80290, Munich, Germany
Manfred Broy
A.P.Ershov Institute of Informatics Systems, Acad.Lavrentjev ave.,6, 630090, Novosibirsk, Russia
Alexandre V. Zamulin

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Jürjens, J., Wimmel, G. (2001). Specification-Based Testing of Firewalls. In: Bjørner, D., Broy, M., Zamulin, A.V. (eds) Perspectives of System Informatics. PSI 2001. Lecture Notes in Computer Science, vol 2244. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45575-2_31

Download citation

DOI: https://doi.org/10.1007/3-540-45575-2_31
Published: 18 December 2001
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43075-9
Online ISBN: 978-3-540-45575-2
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics