Français Anglais
Accueil Annuaire Plan du site
Home > Research results > Research highlights
Research results
Research highlight : FORMAL FIREWALL CONFORMANCE TESTING: AN APPLICATION OF TEST AND PROOF TECHNIQUES
FORMAL FIREWALL CONFORMANCE TESTING: AN APPLICATION OF TEST AND PROOF TECHNIQUES
1 September 2014

A Formal Security Policy Model (UPF) is applied to network policies (firewalls, routers, NATs). Derived Rules allow for a proven correct test-generation procedure for these policies.
Firewalls are an important means to secure critical ict infrastructures. As configurable off-the-shelf products, the effectiveness of a firewall crucially depends on both the correctness of the implementation itself as well as the correct configuration. While testing the implementation can be done once by the manufacturer, the configuration needs to be tested for each application individually. This is particularly challenging as the configuration, implementing a firewall policy, is inherently complex, hard to understand, administrated by different stakeholders and thus difficult to validate. This paper presents a formal model of both stateless and stateful firewalls (packet filters), including nat, to which a specification-based conformance test case generation approach is applied. Furthermore, a verified optimisation technique for this approach is presented: starting from a formal model for stateless firewalls, a collection of semantics-preserving policy transformation rules and an algorithm that optimizes the specification with respect of the number of test cases required for path coverage of the model are derived. We extend an existing approach that integrates verification and testing, that is, tests and proofs to support conformance testing of network policies. The presented approach is supported by a test framework that allows to test actual firewalls using the test cases generated on the basis of the formal model. Finally, a report on several larger case studies is presented.

Authors: A. Brucker, L. Brügger, B.Wolff.
Electronically appeared at Software Testing, Verification and Reliability (STVR), John Wiley & Sons, Ltd.
DOI: 10.1002/stvr.1544

Keyword
  ° Formalisation of (Specification and Programming) Languages in Proof Assistants
  ° Formal Model-Based Testing
  ° Deductive Verification of Programs

Group
  ° Verification of Algorithms, Languages and Systems

Contact
  ° WOLFF Burkhart
Research highlights
HOW FAST CAN YOU CONVERGE TOWARDS A CONSENSUS VALUE?
28 October 2021
In their recent work, Matthias Fuegger (LMF), Thomas Nowak (LISN), and Manfred Schwarz (TU Wien) stu

MODEL TRANSFORMATION AS CONSERVATIVE THEORY-TRANSFORMATION
30 October 2020
We present a new technique to construct tool support for domain-specific languages (DSLs) inside the

BEST STUDENT PAPER AWARD (ML) AT ECML 2019
20 September 2019
Guillaume Doquet (A&O) received the Best Student Paper Award (category Machine Learning) at ECML 201

BEST PAPER AWARD - HPCS 2019 - ON SERVER-SIDE FILE ACCESS PATTERN MATCHING
17 July 2019
Francieli Zanon Boito¹ , Ramon Nou², Laércio Lima Pilla³, Jean Luca Bez⁴, Jean-François Méhaut¹, T

BEST FULL PAPER AWARD EDM 2019 - EDUCATIONAL DATA MINING
5 July 2019
DAS3H: Modeling Student Learning and Forgetting for Optimally Scheduling Distributed Practice of Ski