论文信息 - Blowtorch: a framework for firewall test automation

Blowtorch: a framework for firewall test automation

Firewalls play a crucial role in network security. Experience has shown that the development of firewall rule sets is complex and error prone. Rule set errors can be costly, by allowing damaging traffic in or by blocking legitimate traffic and causing essential applications to fail. Consequently, firewall testing is extremely important. Unfortunately, it is also hard and there is little tool support available.Blowtorch is a C++ framework for firewall test generation. The central construct is the packet iterator: an event-driven generator of timestamped packet streams. Blowtorch supports the development of packet iterators with a library for packet header creation and parsing, a transmit scheduler for multiplexing of multiple packet streams, and a receive monitor for demultiplexing of arriving packet streams. The framework provides iterators which generate packet streams using covering arrays, production grammars, and replay of captured TCP traffic. Blowtorch has been used to develop tests for industrial firewalls that are placed between an IT network and a process control network.

Daniel Hoffman | Kevin Yoo | D. Hoffman | K. Yoo

[1] Vinod Yegneswaran,et al. A framework for malicious workload generation , 2004, IMC '04.

[2] Jan Jürjens,et al. Specification-Based Testing of Firewalls , 2001, Ershov Memorial Conference.

[3] Yu Lei,et al. A Test Generation Strategy for Pairwise Testing , 2002, IEEE Trans. Software Eng..

[4] Avishai Wool,et al. Fang: a firewall analysis engine , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[5] A. G. Duncan,et al. Using attributed grammars to test designs and implementations , 1981, ICSE '81.

[6] Bill McCarty,et al. Red Hat Linux Firewalls , 2002 .

[7] Eric James Byres,et al. NISCC good practice guide on ?rewall de-ployment for SCADA and process control networks , 2005 .

[8] Khalid Al-Tawil,et al. Evaluation and testing of internet firewalls , 1999, Int. J. Netw. Manag..

[9] Avishai Wool,et al. A quantitative study of firewall configuration errors , 2004, Computer.

[10] D.M. Cohen,et al. The Combinatorial Design Approach to Automatic Test Generation , 1996, IEEE Softw..

[11] Jean J. Labrosse,et al. MicroC/OS-II: The Real Time Kernel , 1998 .