Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

Policy Segmentation for Intelligent Firewall Testing Adel ElAtawy, Khaled Ibrahim, Hazem Hamed, Ehab AlShaer

Summary: Policy Segmentation for Intelligent Firewall Testing
Adel El­Atawy, Khaled Ibrahim, Hazem Hamed, Ehab Al­Shaer
School of Computer Science, Telecommunication, and Information Systems
DePaul University, Chicago, Illinois, USA
Email: {aelatawy,kibrahim,hhamed,ehab}@cs.depaul.edu
Abstract--- Firewall development and implementation are con­
stantly being improved to accommodate higher security and
performance standards. Using reliable yet practical techniques
for testing new packet filtering algorithms and firewall design
implementations from a functionality point of view becomes
necessary to assure the required security. In this paper, an
efficient paradigm for automated testing of firewalls with respect
to their internal implementation and security policies is proposed.
Randomly testing the firewall matching functionality requires
exponential number of testing scenarios and thus an impractically
long testing period. We propose a novel firewall testing technique
using policy­based segmentation of the traffic address space,
which can intelligently adapt the test traffic generation to target
potential erroneous regions in the firewall input space. We also
show that our automated approach of test case generation,


Source: Al-Shaer, Ehab - School of Computer Science, Telecommunications and Information Systems, DePaul University


Collections: Computer Technologies and Information Sciences