防火墙测试安全策略的有向无环图建模

2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement Pub Date : 2009-07-08 DOI:10.1109/SSIRI.2009.52

Tugkan Tuglular, Özgür Kaya, Can Arda Muftuoglu, F. Belli

{"title":"防火墙测试安全策略的有向无环图建模","authors":"Tugkan Tuglular, Özgür Kaya, Can Arda Muftuoglu, F. Belli","doi":"10.1109/SSIRI.2009.52","DOIUrl":null,"url":null,"abstract":"Currently network security of institutions highly depend on firewalls, which are used to separate untrusted network from trusted one by enforcing security policies. Security policies used in firewalls are ordered set of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The approach proposed follows test case generation algorithm developed for event sequence graphs. Under a local area network setup with the aid of a specifically developed software for this purpose, generated test cases are converted to network test packets, test packets are sent to the firewall under test (FUT), and sent packets are compared with passed packets to determine test result.","PeriodicalId":196276,"journal":{"name":"2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement","volume":"49 10","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Directed Acyclic Graph Modeling of Security Policies for Firewall Testing\",\"authors\":\"Tugkan Tuglular, Özgür Kaya, Can Arda Muftuoglu, F. Belli\",\"doi\":\"10.1109/SSIRI.2009.52\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Currently network security of institutions highly depend on firewalls, which are used to separate untrusted network from trusted one by enforcing security policies. Security policies used in firewalls are ordered set of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The approach proposed follows test case generation algorithm developed for event sequence graphs. Under a local area network setup with the aid of a specifically developed software for this purpose, generated test cases are converted to network test packets, test packets are sent to the firewall under test (FUT), and sent packets are compared with passed packets to determine test result.\",\"PeriodicalId\":196276,\"journal\":{\"name\":\"2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement\",\"volume\":\"49 10\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-07-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SSIRI.2009.52\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSIRI.2009.52","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

摘要

目前，机构的网络安全高度依赖防火墙，防火墙通过实施安全策略将不可信网络与可信网络隔离开来。防火墙中使用的安全策略是一组有序的规则，其中每个规则表示为一个谓词和一个动作。本文提出了用有向无环图(DAG)对防火墙规则进行建模，从而自动生成防火墙测试用例。提出的方法遵循了为事件序列图开发的测试用例生成算法。在局域网设置下，借助专门开发的软件，将生成的测试用例转换为网络测试包，将测试包发送到被测防火墙(FUT)，并将发送的包与通过的包进行比较，从而确定测试结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Directed Acyclic Graph Modeling of Security Policies for Firewall Testing

Currently network security of institutions highly depend on firewalls, which are used to separate untrusted network from trusted one by enforcing security policies. Security policies used in firewalls are ordered set of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The approach proposed follows test case generation algorithm developed for event sequence graphs. Under a local area network setup with the aid of a specifically developed software for this purpose, generated test cases are converted to network test packets, test packets are sent to the firewall under test (FUT), and sent packets are compared with passed packets to determine test result.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement

自引率

0.00%

发文量