Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

An Automated Framework for Validating Firewall Policy Enforcement

Summary: An Automated Framework for Validating Firewall
Policy Enforcement
Adel El-Atawy, Taghrid Samak, Zein Wali, Ehab Al-Shaer,Sheng Li
School of Computer Science, Telecommunication, and Information Systems
DePaul University
Chicago, Illinois 60604
Email: {aelatawy, taghrid, zwali, ehab}@cs.depaul.edu
San Jose, California 95134
Email: {fclin, chpham, sheli}@cisco.com
The implementation of network security devices such as firewalls and IDSs are constantly being improved to
accommodate higher security and performance standards. Using reliable and yet practical techniques for testing the
functionality of firewall devices particularly after new filtering implementation or optimization becomes necessary
to assure proven security. Generating random traffic to test the functionality of firewall matching is inefficient and
inaccurate as it requires an exponential number of test cases for a reasonable coverage. In addition, in most cases
the policies used during testing are limited and manually generated representing fixed policy profiles.
In this paper, we present a framework for automatic testing of the firewall policy enforcement or implementation
using efficient random traffic and policy generation techniques. Our framework is a two-stage architecture that
provides a satisfying coverage of the firewall operational states. A large variety of policies are randomly generated


Source: Al-Shaer, Ehab - School of Computer Science, Telecommunications and Information Systems, DePaul University


Collections: Computer Technologies and Information Sciences