Policy segmentation for intelligent firewall testing

Adel El-Atawy; Khaled Ibrahim; Hazem Hamed; Ehab Al-Shaer

doi:10.1109/NPSEC.2005.1532056

Policy segmentation for intelligent firewall testing

Adel El-Atawy^*, Khaled Ibrahim, Hazem Hamed, Ehab Al-Shaer

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

41 Scopus citations

Abstract

Firewall development and implementation are constantly being improved to accommodate higher security and performance standards. Using reliable yet practical techniques for testing new packet filtering algorithms and firewall design implementations from a functionality point of view becomes necessary to assure the required security. In this paper, an efficient paradigm for automated testing of firewalls with respect to their internal implementation and security policies is proposed. We propose a novel firewall testing technique using policy-based segmentation of the traffic address space, which can intelligently adapt the test traffic generation to target potential erroneous regions in the firewall input space. We also show that our automated approach of test case generation, analyzing firewall logs and creating testing reports not only makes the problem solvable but also offers a significantly higher degree of confidence than random testing.

Original language	English
Title of host publication	2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005
Subtitle of host publication	13th IEEE International Conference on Network Protocols
Pages	67-72
Number of pages	6
DOIs	https://doi.org/10.1109/NPSEC.2005.1532056
State	Published - 2005
Externally published	Yes
Event	2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols - Boston, MA, United States Duration: 6 Nov 2005 → 6 Nov 2005

Publication series

Name	2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols
Volume	2005

Conference

Conference	2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols
Country/Territory	United States
City	Boston, MA
Period	6/11/05 → 6/11/05

ASJC Scopus subject areas

General Engineering

Access to Document

10.1109/NPSEC.2005.1532056

Cite this

El-Atawy, A., Ibrahim, K., Hamed, H., & Al-Shaer, E. (2005). Policy segmentation for intelligent firewall testing. In 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols (pp. 67-72). Article 1532056 (2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols; Vol. 2005). https://doi.org/10.1109/NPSEC.2005.1532056

El-Atawy, Adel ; Ibrahim, Khaled ; Hamed, Hazem et al. / Policy segmentation for intelligent firewall testing. 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols. 2005. pp. 67-72 (2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols).

@inproceedings{92d6668ee6f54d72bd59cf556cf1bee1,

title = "Policy segmentation for intelligent firewall testing",

abstract = "Firewall development and implementation are constantly being improved to accommodate higher security and performance standards. Using reliable yet practical techniques for testing new packet filtering algorithms and firewall design implementations from a functionality point of view becomes necessary to assure the required security. In this paper, an efficient paradigm for automated testing of firewalls with respect to their internal implementation and security policies is proposed. We propose a novel firewall testing technique using policy-based segmentation of the traffic address space, which can intelligently adapt the test traffic generation to target potential erroneous regions in the firewall input space. We also show that our automated approach of test case generation, analyzing firewall logs and creating testing reports not only makes the problem solvable but also offers a significantly higher degree of confidence than random testing.",

author = "Adel El-Atawy and Khaled Ibrahim and Hazem Hamed and Ehab Al-Shaer",

year = "2005",

doi = "10.1109/NPSEC.2005.1532056",

language = "English",

isbn = "0780394275",

series = "2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols",

pages = "67--72",

booktitle = "2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005",

note = "2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols ; Conference date: 06-11-2005 Through 06-11-2005",

}

El-Atawy, A, Ibrahim, K, Hamed, H & Al-Shaer, E 2005, Policy segmentation for intelligent firewall testing. in 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols., 1532056, 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols, vol. 2005, pp. 67-72, 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols, Boston, MA, United States, 6/11/05. https://doi.org/10.1109/NPSEC.2005.1532056

Policy segmentation for intelligent firewall testing. / El-Atawy, Adel; Ibrahim, Khaled; Hamed, Hazem et al.
2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols. 2005. p. 67-72 1532056 (2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols; Vol. 2005).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Policy segmentation for intelligent firewall testing

AU - El-Atawy, Adel

AU - Ibrahim, Khaled

AU - Hamed, Hazem

AU - Al-Shaer, Ehab

PY - 2005

Y1 - 2005

N2 - Firewall development and implementation are constantly being improved to accommodate higher security and performance standards. Using reliable yet practical techniques for testing new packet filtering algorithms and firewall design implementations from a functionality point of view becomes necessary to assure the required security. In this paper, an efficient paradigm for automated testing of firewalls with respect to their internal implementation and security policies is proposed. We propose a novel firewall testing technique using policy-based segmentation of the traffic address space, which can intelligently adapt the test traffic generation to target potential erroneous regions in the firewall input space. We also show that our automated approach of test case generation, analyzing firewall logs and creating testing reports not only makes the problem solvable but also offers a significantly higher degree of confidence than random testing.

AB - Firewall development and implementation are constantly being improved to accommodate higher security and performance standards. Using reliable yet practical techniques for testing new packet filtering algorithms and firewall design implementations from a functionality point of view becomes necessary to assure the required security. In this paper, an efficient paradigm for automated testing of firewalls with respect to their internal implementation and security policies is proposed. We propose a novel firewall testing technique using policy-based segmentation of the traffic address space, which can intelligently adapt the test traffic generation to target potential erroneous regions in the firewall input space. We also show that our automated approach of test case generation, analyzing firewall logs and creating testing reports not only makes the problem solvable but also offers a significantly higher degree of confidence than random testing.

UR - http://www.scopus.com/inward/record.url?scp=33749044427&partnerID=8YFLogxK

U2 - 10.1109/NPSEC.2005.1532056

DO - 10.1109/NPSEC.2005.1532056

M3 - Conference contribution

AN - SCOPUS:33749044427

SN - 0780394275

SN - 9780780394278

T3 - 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols

SP - 67

EP - 72

BT - 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005

T2 - 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols

Y2 - 6 November 2005 through 6 November 2005

ER -

El-Atawy A, Ibrahim K, Hamed H, Al-Shaer E. Policy segmentation for intelligent firewall testing. In 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols. 2005. p. 67-72. 1532056. (2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols). doi: 10.1109/NPSEC.2005.1532056

Policy segmentation for intelligent firewall testing

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this