Summary: An Automated Framework for Validating Firewall Policy Enforcement
Adel El-Atawy, Taghrid Samak, Zein Wali, Ehab Al-Shaer
School of Computer Science, Telecommunication, and Information Systems
DePaul University
Chicago, Illinois 60604
Email: {aelatawy, taghrid, zwali, ehab}@cs.depaul.edu
Frank Lin, Christopher Pham, Sheng Li
Cisco
San Jose, California 95134
Email: {fclin, chpham, sheli}@cisco.com
Abstract
The implementation of network security devices such as
firewalls and IDSs is constantly being improved to
accommodate higher security and performance standards. Using
reliable and yet practical techniques for testing the
functionality of firewall devices, particularly after new filtering
implementation or optimization, becomes necessary to
assure required security. Generating random traffic to test the
functionality of firewall matching is inefficient and
inaccurate as it requires an exponential number of test cases for