用于生成测试用例的已验证防火墙策略转换

2010 Third International Conference on Software Testing, Verification and Validation Pub Date : 2010-04-06 DOI:10.1109/ICST.2010.50

Achim D. Brucker, Lukas Brügger, P. Kearney, B. Wolff

{"title":"用于生成测试用例的已验证防火墙策略转换","authors":"Achim D. Brucker, Lukas Brügger, P. Kearney, B. Wolff","doi":"10.1109/ICST.2010.50","DOIUrl":null,"url":null,"abstract":"We present an optimization technique for model-based generation of test cases for firewalls. Starting from a formal model for firewall policies in higher-order logic, we derive a collection of semantics-preserving policy transformation rules and an algorithm that optimizes the specification with respect of the number of test cases required for path coverage. The correctness of the rules and the algorithm is established by formal proofs in Isabelle/HOL. Finally, we use the normalized policies to generate test cases with the domain-specific firewall testing tool HOL-TestGen/FW. The resulting procedure is characterized by a gain in efficiency of two orders of magnitude. It can handle configurations with hundreds of rules such as frequently occur in practice. Our approach can be seen as an instance of a methodology to tame inherent state-space explosions in test case generation for security policies.","PeriodicalId":192678,"journal":{"name":"2010 Third International Conference on Software Testing, Verification and Validation","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"30","resultStr":"{\"title\":\"Verified Firewall Policy Transformations for Test Case Generation\",\"authors\":\"Achim D. Brucker, Lukas Brügger, P. Kearney, B. Wolff\",\"doi\":\"10.1109/ICST.2010.50\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present an optimization technique for model-based generation of test cases for firewalls. Starting from a formal model for firewall policies in higher-order logic, we derive a collection of semantics-preserving policy transformation rules and an algorithm that optimizes the specification with respect of the number of test cases required for path coverage. The correctness of the rules and the algorithm is established by formal proofs in Isabelle/HOL. Finally, we use the normalized policies to generate test cases with the domain-specific firewall testing tool HOL-TestGen/FW. The resulting procedure is characterized by a gain in efficiency of two orders of magnitude. It can handle configurations with hundreds of rules such as frequently occur in practice. Our approach can be seen as an instance of a methodology to tame inherent state-space explosions in test case generation for security policies.\",\"PeriodicalId\":192678,\"journal\":{\"name\":\"2010 Third International Conference on Software Testing, Verification and Validation\",\"volume\":\"53 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-04-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"30\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 Third International Conference on Software Testing, Verification and Validation\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICST.2010.50\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Third International Conference on Software Testing, Verification and Validation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICST.2010.50","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 30

摘要

我们提出了一种基于模型的防火墙测试用例生成的优化技术。从高阶逻辑中防火墙策略的正式模型开始，我们导出了一组保持语义的策略转换规则和一种算法，该算法根据路径覆盖所需的测试用例的数量来优化规范。在Isabelle/HOL中通过形式化证明证明了规则和算法的正确性。最后，我们使用规范化策略与特定于域的防火墙测试工具HOL-TestGen/FW生成测试用例。由此产生的程序的特点是效率提高了两个数量级。它可以处理具有数百条规则的配置，例如在实践中经常出现的配置。我们的方法可以看作是在安全策略的测试用例生成中驯服固有状态空间爆炸的方法的一个实例。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Verified Firewall Policy Transformations for Test Case Generation

We present an optimization technique for model-based generation of test cases for firewalls. Starting from a formal model for firewall policies in higher-order logic, we derive a collection of semantics-preserving policy transformation rules and an algorithm that optimizes the specification with respect of the number of test cases required for path coverage. The correctness of the rules and the algorithm is established by formal proofs in Isabelle/HOL. Finally, we use the normalized policies to generate test cases with the domain-specific firewall testing tool HOL-TestGen/FW. The resulting procedure is characterized by a gain in efficiency of two orders of magnitude. It can handle configurations with hundreds of rules such as frequently occur in practice. Our approach can be seen as an instance of a methodology to tame inherent state-space explosions in test case generation for security policies.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 Third International Conference on Software Testing, Verification and Validation

自引率

0.00%

发文量