Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Specification-Based Testing of Firewalls

  • Conference paper
  • First Online:
Perspectives of System Informatics (PSI 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2244))

Abstract

Firewalls protect hosts in a corporate network from attacks. Together with the surrounding network infrastructure, they form a complex system, the security of which relies crucially on the correctness of the firewalls. We propose a method for specification-based testing of firewalls. It enables to formally model the firewalls and the surrounding network and to mechanically derive test-cases checking the firewalls for vulnerabilities. We use a general CASE-tool which makes our method fiexible and easy to use.

This work was partially supported by the Studienstiftung des deutschen Volkes, and by the German Ministry of Economics within the FairPay project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. M. Abadi and Jan Jürjens. Formal eavesdropping and its computational interpretation. In Theoretical Aspects of Computer Software (TACS’01), LNCS. Springer, 2001.

    Google Scholar 

  2. S. Bellovin. Security problems in the TCP/IP protocol suite. Computer Communication Review, 19(2):32–48, 1989.

    Article  Google Scholar 

  3. Y. Bartal, A. Mayer, K. Nissim, and A. Wool. Firmato: A novel firewall management toolkit. In Security and Privacy, 1999.

    Google Scholar 

  4. W. Cheswick and S. Bellovin. Firewalls and Internet Security: repelling the wily hacker. Addison-Wesley, 1994.

    Google Scholar 

  5. M. Freiss. Protecting Networks with SATAN. O’Reilly, 1998.

    Google Scholar 

  6. J. Guttman. Filtering postures: Local enforcement for global policies. In IEEE Symposium on Security and Privacy, 1997.

    Google Scholar 

  7. J. Guttman. Security goals: Packet trajectories and strand spaces. In R. Gorrieri and R. Focardi, editors, Foundations of Security Analysis and Design, LNCS. Springer, 2001. Forthcoming.

    Google Scholar 

  8. F. Huber, S. Molterer, A. Rausch, B. Schätz, M. Sihling, and O. Slotosch. Tool supported Specification and Simulation of Distributed Systems. In International Symposium on Software Engineering for Parallel and Distributed Systems, pages 155–164, 1998.

    Google Scholar 

  9. F. Huber, S. Molterer, B. Schätz, O. Slotosch, and A. Vilbig. Trafic Lights-An AutoFocus Case Study. In 1998 International Conference on Application of Concurrency to System Design, pages 282–294. IEEE Computer Society, 1998.

    Google Scholar 

  10. Jan Jürjens. Composability of secrecy. In International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS 2001), volume 2052 of LNCS, pages 28–38. Springer, 2001.

    Google Scholar 

  11. Jan Jürjens. Secrecy-preserving refinement. In Formal Methods Europe (International Symposium), volume 2021 of LNCS, pages 135–152. Springer, 2001.

    Google Scholar 

  12. H. Lötzbeyer and A. Pretschner. Testing concurrent reactive systems with constraint logic programming. In 2nd Workshop on Rule-Based Constraint Reasoning and Programming, Singapore, 2000.

    Google Scholar 

  13. A. Mayer, A. Wool, and E. Ziskind. Fang: A firewall analysis engine. In IEEE Symposium on Security and Privacy, 2000.

    Google Scholar 

  14. R. Ritchey and P. Ammann. Using model checking to analyze network vulnerabilities. In IEEE Symposium on Security and Privacy, 2000.

    Google Scholar 

  15. C. Schuba. On the Modeling, Design, and Implementation of Firewall Technology. PhD thesis, CERIAS, Purdue, 1997.

    Google Scholar 

  16. G. Wimmel. Specification Based Determination of Test Sequences in Embedded Systems. Master’s thesis, Technische Universität München, 2000.

    Google Scholar 

  17. G. Wimmel, H. Lötzbeyer, A. Pretschner, and O. Slotosch. Specification Based Test Sequence Generation with Propositional Logic. Journal on Software Testing Verification and Reliability, 10, 2000.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Munich University of Technology, 80290, München, TU München, Germany

    Jan Jürjens

  2. Computing Laboratory, University of Oxford, Wolfson Building, Parks Road, OX1 3QD, Oxford, Great Britain

    Guido Wimmel

Authors
  1. Jan Jürjens
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Guido Wimmel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Informatics and Mathematical Modelling, Technical University of Denmark, Bldg.322, 106-108, Richard Petersens Plads, 2800, Lyngby, Denmark

    Dines Bjørner

  2. Computer Science Department, Technical University of Munich, Arcisstr.21, 80290, Munich, Germany

    Manfred Broy

  3. A.P.Ershov Institute of Informatics Systems, Acad.Lavrentjev ave.,6, 630090, Novosibirsk, Russia

    Alexandre V. Zamulin

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jürjens, J., Wimmel, G. (2001). Specification-Based Testing of Firewalls. In: Bjørner, D., Broy, M., Zamulin, A.V. (eds) Perspectives of System Informatics. PSI 2001. Lecture Notes in Computer Science, vol 2244. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45575-2_31

Download citation

  • DOI: https://doi.org/10.1007/3-540-45575-2_31

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-43075-9

  • Online ISBN: 978-3-540-45575-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation