An Automated Framework for Validating Firewall Policy Enforcement
 

Summary: An Automated Framework for Validating Firewall Policy Enforcement
Adel El-Atawy#, Taghrid Samak#, Zein Wali#, Ehab Al-Shaer#, Sheng Li+
# School of Computer Science, Telecommunication, and Information Systems
DePaul University
Chicago, Illinois 60604
Email: {aelatawy, taghrid, zwali, ehab}@cs.depaul.edu
+ Cisco
San Jose, California 95134
Email: {fclin, chpham, sheli}@cisco.com
Abstract
The implementations of network security devices such as firewalls and IDSs are constantly being improved to
accommodate higher security and performance standards. Using reliable and yet practical techniques for testing the
functionality of firewall devices, particularly after a new filtering implementation or optimization, becomes necessary
to assure proven security. Generating random traffic to test the functionality of firewall matching is inefficient and
inaccurate, as it requires an exponential number of test cases for reasonable coverage. In addition, in most cases
the policies used during testing are limited and manually generated, representing fixed policy profiles.
In this paper, we present a framework for automatic testing of the firewall policy enforcement or implementation
using efficient random traffic and policy generation techniques. Our framework is a two-stage architecture that
provides a satisfying coverage of the firewall operational states. A large variety of policies are randomly generated

  

Source: Al-Shaer, Ehab - School of Computer Science, Telecommunications and Information Systems, DePaul University

 

Collections: Computer Technologies and Information Sciences