Skip to main content
SpringerLink
Log in

hol-TestGen/fw

An Environment for Specification-Based Firewall Conformance Testing

  • Conference paper
Theoretical Aspects of Computing – ICTAC 2013 (ICTAC 2013)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8049))

Included in the following conference series:

Abstract

The hol-TestGen environment is conceived as a system for modeling and semi-automated test generation with an emphasis on expressive power and generality. However, its underlying technical framework Isabelle/hol supports the customization as well as the development of highly automated add-ons working in specific application domains.

In this paper, we present hol-TestGen/fw, an add-on for the test framework hol-TestGen, that allows for testing the conformance of firewall implementations to high-level security policies. Based on generic theories specifying a security-policy language, we developed specific theories for network data and firewall policies. On top of these firewall specific theories, we provide mechanisms for policy transformations based on derived rules and adapted code-generators producing test drivers. Our empirical evaluations shows that hol-TestGen/fw is a competitive environment for testing firewalls or high-level policies of local networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. von Bidder, D.: Specification-based firewall testing. Ph.d. thesis, ETH Zurich, ETH Dissertation No. 17172. Diana von Bidder’s maiden name is Diana Senn (2007)

    Google Scholar 

  2. Brucker, A.D., Brügger, L., Kearney, P., Wolff, B.: Verified firewall policy transformations for test-case generation. In: Third International Conference on Software Testing, Verification, and Validation (ICST) , pp. 345–354. IEEE Computer Society (2010), doi:10.1109/ICST.2010.50

    Google Scholar 

  3. Brucker, A.D., Brügger, L., Kearney, P., Wolff, B.: An approach to modular and testable security models of real-world health-care applications. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 133–142. ACM Press (2011), doi:10.1145/1998441.1998461

    Google Scholar 

  4. Brucker, A.D., Brügger, L., Wolff, B.: Formal firewall testing: An exercise in test and proof. Submitted for publication (2013)

    Google Scholar 

  5. Brucker, A.D., Wolff, B.: Test-sequence generation with Hol-TestGen with an application to firewall testing. In: Gurevich, Y., Meyer, B. (eds.) TAP 2007. LNCS, vol. 4454, pp. 149–168. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  6. Brucker, A.D., Wolff, B.: hol-testGen. In: Chechik, M., Wirsing, M. (eds.) FASE 2009. LNCS, vol. 5503, pp. 417–420. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  7. Brucker, A.D., Wolff, B.: On theorem prover-based testing. Formal Aspects of Computing, FAC (2012), doi:10.1007/s00165-012-0222-y

    Google Scholar 

  8. Brügger, L.: A framework for modelling and testing of security policies. Ph.D. thesis, ETH Zurich, ETH Dissertation No. 20513 (2012)

    Google Scholar 

  9. El-Atawy, A., Ibrahim, K., Hamed, H., Al-Shaer, E.: Policy segmentation for intelligent firewall testing. In: NPSec 2005, pp. 67–72. IEEE Computer Society (2005)

    Google Scholar 

  10. El-Atawy, A., Samak, T., Wali, Z., Al-Shaer, E., Lin, F., Pham, C., Li, S.: An automated framework for validating firewall policy enforcement. In: POLICY 2007, pp. 151–160. IEEE Computer Society (2007)

    Google Scholar 

  11. Jürjens, J., Wimmel, G.: Specification-based testing of firewalls. In: Bjørner, D., Broy, M., Zamulin, A.V. (eds.) PSI 2001. LNCS, vol. 2244, pp. 308–316. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  12. de Moura, L., Bjørner, N.S.: Z3: An efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. PIDE (2013), http://fortesse.lri.fr/index.php?option=com_content&id=91&Itemid=60#PlatformDevelopment

  14. Senn, D., Basin, D.A., Caronni, G.: Firewall conformance testing. In: Khendek, F., Dssouli, R. (eds.) TestCom 2005. LNCS, vol. 3502, pp. 226–241. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  15. Wenzel, M., Wolff, B.: Building formal method tools in the Isabelle/Isar framework. In: Schneider, K., Brandt, J. (eds.) TPHOLs 2007. LNCS, vol. 4732, pp. 352–367. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. SAP AG, Vincenz-Priessnitz-Str. 1, 76131, Karlsruhe, Germany

    Achim D. Brucker

  2. Information Security, ETH Zurich, 8092, Zurich, Switzerland

    Lukas Brügger

  3. LRI, Université Paris-Sud, 91405, Orsay Cedex, France

    Burkhart Wolff

Authors
  1. Achim D. Brucker
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lukas Brügger
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Burkhart Wolff
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. International Institute for Software Technology, United Nations University, P.O. Box 3058, Macau, China

    Zhiming Liu

  2. Department of Computer Science, University of York, Deramore Lane, YO10 5GH, York, UK

    Jim Woodcock

  3. Software Engineering Institute, East China Normal University, 3663 Zhongshan Road (North), 200062, Shanghai, China

    Huibiao Zhu

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Brucker, A.D., Brügger, L., Wolff, B. (2013). hol-TestGen/fw . In: Liu, Z., Woodcock, J., Zhu, H. (eds) Theoretical Aspects of Computing – ICTAC 2013. ICTAC 2013. Lecture Notes in Computer Science, vol 8049. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39718-9_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-39718-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39717-2

  • Online ISBN: 978-3-642-39718-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation