Abstract
The hol-TestGen environment is conceived as a system for modeling and semi-automated test generation with an emphasis on expressive power and generality. However, its underlying technical framework Isabelle/hol supports the customization as well as the development of highly automated add-ons working in specific application domains.
In this paper, we present hol-TestGen/fw, an add-on for the test framework hol-TestGen, that allows for testing the conformance of firewall implementations to high-level security policies. Based on generic theories specifying a security-policy language, we developed specific theories for network data and firewall policies. On top of these firewall specific theories, we provide mechanisms for policy transformations based on derived rules and adapted code-generators producing test drivers. Our empirical evaluations shows that hol-TestGen/fw is a competitive environment for testing firewalls or high-level policies of local networks.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
References
von Bidder, D.: Specification-based firewall testing. Ph.d. thesis, ETH Zurich, ETH Dissertation No. 17172. Diana von Bidder’s maiden name is Diana Senn (2007)
Brucker, A.D., Brügger, L., Kearney, P., Wolff, B.: Verified firewall policy transformations for test-case generation. In: Third International Conference on Software Testing, Verification, and Validation (ICST) , pp. 345–354. IEEE Computer Society (2010), doi:10.1109/ICST.2010.50
Brucker, A.D., Brügger, L., Kearney, P., Wolff, B.: An approach to modular and testable security models of real-world health-care applications. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 133–142. ACM Press (2011), doi:10.1145/1998441.1998461
Brucker, A.D., Brügger, L., Wolff, B.: Formal firewall testing: An exercise in test and proof. Submitted for publication (2013)
Brucker, A.D., Wolff, B.: Test-sequence generation with Hol-TestGen with an application to firewall testing. In: Gurevich, Y., Meyer, B. (eds.) TAP 2007. LNCS, vol. 4454, pp. 149–168. Springer, Heidelberg (2007)
Brucker, A.D., Wolff, B.: hol-testGen. In: Chechik, M., Wirsing, M. (eds.) FASE 2009. LNCS, vol. 5503, pp. 417–420. Springer, Heidelberg (2009)
Brucker, A.D., Wolff, B.: On theorem prover-based testing. Formal Aspects of Computing, FAC (2012), doi:10.1007/s00165-012-0222-y
Brügger, L.: A framework for modelling and testing of security policies. Ph.D. thesis, ETH Zurich, ETH Dissertation No. 20513 (2012)
El-Atawy, A., Ibrahim, K., Hamed, H., Al-Shaer, E.: Policy segmentation for intelligent firewall testing. In: NPSec 2005, pp. 67–72. IEEE Computer Society (2005)
El-Atawy, A., Samak, T., Wali, Z., Al-Shaer, E., Lin, F., Pham, C., Li, S.: An automated framework for validating firewall policy enforcement. In: POLICY 2007, pp. 151–160. IEEE Computer Society (2007)
Jürjens, J., Wimmel, G.: Specification-based testing of firewalls. In: Bjørner, D., Broy, M., Zamulin, A.V. (eds.) PSI 2001. LNCS, vol. 2244, pp. 308–316. Springer, Heidelberg (2001)
de Moura, L., Bjørner, N.S.: Z3: An efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)
PIDE (2013), http://fortesse.lri.fr/index.php?option=com_content&id=91&Itemid=60#PlatformDevelopment
Senn, D., Basin, D.A., Caronni, G.: Firewall conformance testing. In: Khendek, F., Dssouli, R. (eds.) TestCom 2005. LNCS, vol. 3502, pp. 226–241. Springer, Heidelberg (2005)
Wenzel, M., Wolff, B.: Building formal method tools in the Isabelle/Isar framework. In: Schneider, K., Brandt, J. (eds.) TPHOLs 2007. LNCS, vol. 4732, pp. 352–367. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brucker, A.D., Brügger, L., Wolff, B. (2013). hol-TestGen/fw . In: Liu, Z., Woodcock, J., Zhu, H. (eds) Theoretical Aspects of Computing – ICTAC 2013. ICTAC 2013. Lecture Notes in Computer Science, vol 8049. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39718-9_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-39718-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39717-2
Online ISBN: 978-3-642-39718-9
eBook Packages: Computer ScienceComputer Science (R0)