Directed Acyclic Graph Modeling of Security Policies for Firewall Testing

Tuğlular, Tuğkan; Kaya, O.; Müftüoğlu, Can Arda; Belli, Fevzi

doi:10.1109/ssiri.2009.52

Cited by 8 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Model-based conformance testing by 11 involves experiments with the experiment size of 7 rules generating over 700 test cases taking about 3000 seconds, and 4 networks adding an additional 20,000 seconds. A test case generation tool presented in 12 indicates that the number of tests generated is a cross product of the number of individual sources, destinations, and services found in the rule set, suggesting a much higher complexity when using this brute force method. Furthermore, experiments in 13 show similar results when using a BDD as an internal representation of the policy, although the work was focused on model checking and not simulation.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Modeling Firewalls for Behavior Analysis

Clark

Agah

2015

Procedia Computer Science

View full text Add to dashboard Cite

This work presents a software behavioral model of the capabilities found in firewall type devices and a process for taking vendor specific nuances to a common implementation. This includes understanding interfaces, routes, rules, translation, and policies; modeling them in a common manner such that different models may be compared to each other for functional similarity. This work makes use of recent efforts to model firewall policies in a concise efficient data structure referred to as a Firewall Policy Diagram (FPD). The structure facilitates the canonical representation of a policy as well as human comprehension of the policy. Its use with behavior modeling is to capture and compare the results of a potentially large solution space.

show abstract

Section: Methodsmentioning

confidence: 99%

“…Frameworks capable of generating validation traffic for a particular firewall presented in several works 23,12 . In a similar manner to other topology mapping programs 24,25 , the work generates and sends actual traffic through the system, exercising a firewall's internal filtering to ensure consistency.…”

Section: Related Workmentioning

confidence: 99%

Modeling Firewalls for Behavior Analysis

Clark

Agah

2015

Procedia Computer Science

View full text Add to dashboard Cite

show abstract

“…In a proposal for testing of security policies for firewalls, the security policies were represented as directed acyclic graphs (DAGs). Test cases represented each complete event sequence which could be derived from the DAG [27]. System testing and code-based coverage analysis employ similar testing methodologies.…”

Section: Related Workmentioning

confidence: 99%

Towards Measuring Test Coverage of Attack Simulations

Hersén

Hacks

Fögen

2021

Enterprise, Business-Process and Information Systems Modeling

View full text Add to dashboard Cite

Designing secure and reliable systems is a difficult task. Threat modeling is a process that supports the secure design of systems by easing the understanding of the system's complexity, as well as identifying and modeling potential threats. These threat models can serve as input for attack simulations, which are used to analyze the behavior of attackers within the system. To ensure the correct functionality of these attack simulations, automated tests are designed that check if an attacker can reach a certain point in the threat model. Currently, there is no way for developers to estimate the degree to which their tests cover the attack simulations and, thus, they cannot the determine the quality of their tests. To resolve this shortcoming, we analyze structural testing methods from the software engineering domain and transfer them to the threat modeling domain by following an Action Design Research approach. Further, we develop a first prototype, which is able to assess the test coverage in an automated way. This will enable threat modeler to determine the quality of their tests and, simultaneously, increase the quality of the threat models.

show abstract

“…In this work, we use FDD [9] notion for modeling, whereas in our previous work [10], we used directed acyclic graph concept to deal with rule dependencies, which is implicitly handled by FDD. The present paper chooses FDD notation since formal, graph-theoretical notions and algorithms are utilized intensively with it.…”

Section: Related Workmentioning

confidence: 99%

Mutation-Based Evaluation of Weighted Test Case Selection for Firewall Testing

Tuğlular

Gercek

2011

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement

Self Cite

View full text Add to dashboard Cite

Abstract-As part of network security testing, an administrator needs to know whether the firewall enforces the security policy as expected or not. In this setting, black-box testing and evaluation methodologies can be helpful. In this paper, we employ a simple mutation operation, namely flipping a bit, to generate mutant firewall policies and use them to evaluate our previously proposed weighted test case selection method for firewall testing. In the previously proposed firewall testing approach, abstract test cases that are automatically generated from firewall decision diagrams are instantiated by selecting test input values from different test data pools for each field of firewall policy. Furthermore, a case study is presented to validate the proposed approach.

show abstract

Directed Acyclic Graph Modeling of Security Policies for Firewall Testing

Cited by 8 publications

References 15 publications

Modeling Firewalls for Behavior Analysis

Modeling Firewalls for Behavior Analysis

Towards Measuring Test Coverage of Attack Simulations

Mutation-Based Evaluation of Weighted Test Case Selection for Firewall Testing

Contact Info

Product

Resources

About