Boundary overflows are caused by violations of constraints, mostly those limiting the range of a program's internal values, and can be provoked by an intruder to gain control of, or access to, stored data. To counter this well-known vulnerability, this paper focuses on input validation of graphical user interfaces (GUI). The proposed approach generates test cases for numerical inputs from a GUI specification expressed as decision tables. If boundary overflow error(s) are detected, the source code is analyzed to localize and correct the encountered error(s) automatically.
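As an added illustration of the abstract's idea (example code written for this page, not the paper's tool), the block below takes a constructed decision table describing the valid range and input resolution of three numeric GUI fields, derives boundary-value test cases from it (just below, on and just above each limit), and runs them against two validators: a constructed faulty one whose upper-bound check was written with integer fields in mind, and a corrected one. The field names, ranges and validator functions are all assumptions made for the example.

```python
# Constructed decision table (not the paper's): one row per numeric GUI field,
# giving the range the field must accept and the resolution of its input widget.
DECISION_TABLE = [
    {"field": "age",      "min": 0,   "max": 150,   "step": 1},
    {"field": "quantity", "min": 1,   "max": 999,   "step": 1},
    {"field": "discount", "min": 0.0, "max": 100.0, "step": 0.01},
]


def boundary_test_cases(row):
    """Boundary-value cases for one row: just below, on and just above each
    limit, paired with the verdict (accept/reject) the specification demands."""
    lo, hi, step = row["min"], row["max"], row["step"]
    return [
        (lo - step, False), (lo, True), (lo + step, True),
        (hi - step, True), (hi, True), (hi + step, False),
    ]


def generate_test_cases(table=DECISION_TABLE):
    """Flatten the decision table into (field, input value, expected verdict) triples."""
    return [(row["field"], value, expected)
            for row in table for value, expected in boundary_test_cases(row)]


def _row_for(field, table):
    return next(r for r in table if r["field"] == field)


def buggy_validate(field, value, table=DECISION_TABLE):
    """Constructed faulty validator: '< max + 1' is equivalent to '<= max' for
    integer fields but lets values in (max, max + 1) through on float fields."""
    row = _row_for(field, table)
    return row["min"] <= value < row["max"] + 1


def fixed_validate(field, value, table=DECISION_TABLE):
    """Corrected validator: inclusive range check that holds for any numeric type."""
    row = _row_for(field, table)
    return row["min"] <= value <= row["max"]


def find_boundary_errors(validator, table=DECISION_TABLE):
    """Run every generated case and report the inputs on which the validator's
    verdict differs from the specification, i.e. the boundary errors detected."""
    return [(field, value, expected)
            for field, value, expected in generate_test_cases(table)
            if validator(field, value, table) != expected]


if __name__ == "__main__":
    for name, validator in (("buggy", buggy_validate), ("fixed", fixed_validate)):
        print(name, find_boundary_errors(validator))
```

Only the `discount` field exposes the defect: `100.01` is accepted by the faulty validator although the table rejects it, while the two integer fields pass all eighteen cases. This is why boundary cases are generated per row from the table's own resolution rather than with a fixed `+1`.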
Introduction

Firewalls, which act as the most important defense mechanism of network security, have to be tested to validate that they work as specified. The firewall specification is mainly composed of the intended security policy and the allowed network protocols, which are usually the main focus of an attacker. The intended security policy consists of firewall rules, which configure the firewall behavior, and allowed network protocols. These constitute an important part of the firewall's internal infrastructure, which can be described as packet capture, decision making on the packet under consideration, and packet release. The decision-making operation is carried out with respect to the firewall policy and network protocols. The security policy is external to the firewall, like a configuration file, whereas packet checking with respect to network protocols is implemented in the firewall software.

Since the firewall policy is considered a specification and can be represented by a formal model, we propose a model-based testing approach for firewalls. The novelty of this approach is the use of a DAG model for firewall testing. This paper proposes modeling firewall rules and generating test cases using DAGs. Since event sequence graphs (ESG) are directed graphs, we applied their test case generation algorithm to the DAG representation of firewall rules. Test packets derived from the generated test cases are then sent to the firewall to analyze its behavior.

The next section summarizes related work before Section 3 outlines the background and the test generation algorithm. The core of the paper, Section 4, presents our firewall testing approach. Sections 5 and 6 include implementation details of the approach and a case study on a firewall. Section 7 concludes the paper and outlines our planned research work.

Related Work

A firewall controls network traffic to and from a computer, based on a security policy. Although systematic testing was an omitted area in firewall studies and related literature, recent studies on
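To make the introduction's pipeline concrete (rules as a DAG, event sequences generated from that DAG, one test packet per sequence, packets checked against the firewall's decisions), here is an added example written for this page; it is not the paper's implementation, and the rule set, the candidate packet domain, the node naming and the constructed faulty firewall are all assumptions. Each rule becomes a node with a "match" edge to its action and a "miss" edge to the next rule, the last miss leading to the default policy; the complete event sequences from the first rule to an action node cover every edge, and a packet is synthesized for each sequence by searching a small candidate domain for one whose reference trace follows it.

```python
import ipaddress
from itertools import product

# Constructed rule set (not from the paper): first-match semantics, default deny.
RULES = [
    {"id": "R1", "src": "10.0.0.0/8", "proto": "tcp", "dport": 22, "action": "allow"},
    {"id": "R2", "src": "any",        "proto": "tcp", "dport": 22, "action": "deny"},
    {"id": "R3", "src": "any",        "proto": "tcp", "dport": 80, "action": "allow"},
    {"id": "R4", "src": "any",        "proto": "udp", "dport": 53, "action": "allow"},
]
DEFAULT_ACTION = "deny"
ACTIONS = ("allow", "deny")


def rule_matches(rule, pkt):
    """Reference matcher: source prefix (or any), protocol and destination port."""
    if rule["src"] != "any" and \
            ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    return rule["proto"] == pkt["proto"] and rule["dport"] == pkt["dport"]


def build_dag(rules):
    """Rules as a DAG: node Rk has a 'match' edge to its action and a 'miss' edge
    to R(k+1); the miss edge of the last rule leads to the DEFAULT policy node."""
    dag = {}
    for i, rule in enumerate(rules):
        nxt = rules[i + 1]["id"] if i + 1 < len(rules) else "DEFAULT"
        dag[rule["id"]] = {"match": rule["action"], "miss": nxt}
    dag["DEFAULT"] = {"match": DEFAULT_ACTION}
    return dag


def event_sequences(dag, node="R1", path=()):
    """All complete event sequences from the entry node to an action node.
    For this chain-shaped DAG the set of sequences covers every edge once."""
    seqs = []
    for event, target in dag[node].items():
        step = path + ((node, event),)
        if target in ACTIONS:
            seqs.append((step, target))
        else:
            seqs.extend(event_sequences(dag, target, step))
    return seqs


def trace(rules, pkt):
    """Reference evaluation: the event sequence a packet takes, and the action reached."""
    steps = []
    for rule in rules:
        if rule_matches(rule, pkt):
            steps.append((rule["id"], "match"))
            return tuple(steps), rule["action"]
        steps.append((rule["id"], "miss"))
    steps.append(("DEFAULT", "match"))
    return tuple(steps), DEFAULT_ACTION


# Constructed candidate packet domain used to synthesize one packet per sequence.
CANDIDATES = [{"src": s, "proto": p, "dport": d} for s, p, d in
              product(["10.1.2.3", "192.0.2.7"], ["tcp", "udp"], [22, 80, 53, 443])]


def generate_test_packets(rules):
    """One (sequence, packet, expected action) test case per event sequence."""
    cases = []
    for seq, expected in event_sequences(build_dag(rules)):
        pkt = next((c for c in CANDIDATES if trace(rules, c)[0] == seq), None)
        if pkt is None:
            raise ValueError(f"no candidate packet exercises {seq}")
        cases.append((seq, pkt, expected))
    return cases


def run_firewall_tests(firewall_under_test, rules=RULES):
    """Send each test packet to the firewall under test; report decisions that differ
    from the action the policy model expects."""
    failures = []
    for seq, pkt, expected in generate_test_packets(rules):
        got = firewall_under_test(pkt)
        if got != expected:
            failures.append({"sequence": seq, "packet": pkt,
                             "expected": expected, "got": got})
    return failures


def reference_firewall(pkt):
    return trace(RULES, pkt)[1]


def buggy_firewall(pkt):
    """Constructed faulty implementation: it ignores the protocol field when matching."""
    for rule in RULES:
        src_ok = rule["src"] == "any" or \
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
        if src_ok and rule["dport"] == pkt["dport"]:
            return rule["action"]
    return DEFAULT_ACTION


if __name__ == "__main__":
    for seq, pkt, expected in generate_test_packets(RULES):
        print([f"{n}:{e}" for n, e in seq], pkt, "->", expected)
    print("failures:", run_firewall_tests(buggy_firewall))
```

The five generated sequences (one per rule plus the all-miss path to the default policy) are enough to expose the constructed defect: the packet synthesized for the default path, TCP to port 53, is allowed by the faulty firewall because it matches R4 on port alone, while the policy model expects a deny. A real firewall would be exercised by emitting the same packets on the wire instead of calling a function.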