Login | Register

An Integrated framework for firewall testing and validation

Title:

An Integrated framework for firewall testing and validation

Akiki, Mehdi (2009) An Integrated framework for firewall testing and validation. Masters thesis, Concordia University.

[img]
Preview
Text (application/pdf)
MR67146.pdf - Accepted Version
3MB

Abstract

In today's global world, most corporations are bound to have an Internet presence. This phenomenon has led to a significant increase in all kinds of network attacks. Firewalls are used to protect organizational networks against these attacks. Firewall design is based on a set of filtering rules. Because of the nature of these rules, and due to the rising complexity of security policies, an increasing number of mistakes are found in configurations. A reliable and automated technique for testing firewall configuration is becoming necessary to ensure the full functionality of the firewall. In this thesis, a new approach to fully test a firewall has been developed using a white box approach that takes into account its inner implementation. Also--thanks to the information provided by the network information file--the environment where the firewall will be deployed is considered, ensuring a better accuracy and performance than previous work. Moreover, the method uses a combination of algorithms that remove common misconfigurations widely present in current firewall configurations [I] and guarantees a coverage that is greater than previous methods for generating test sets with a novel test set generation approach. The developed framework is fully automated and contains the full steps to get testing done, from the parsing of the firewall file to the generation of the test set based on the actual configuration of the firewall to the correction of the error in the firewall file, avoiding all types of errors of omission and misconfiguration that occur during a manual configuration. Keywords: Firewall, Policy Language, Conflict Free Rules, Rule Set, White Box Testing, Misconfiguration Errors, Configuration, Rule Update

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Electrical and Computer Engineering
Item Type:Thesis (Masters)
Authors:Akiki, Mehdi
Pagination:x, 83 leaves : ill. ; 29 cm.
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Electrical and Computer Engineering
Date:2009
Thesis Supervisor(s):En-nouaary, Abdeslam
ID Code:976725
Deposited By: Concordia University Library
Deposited On:22 Jan 2013 16:31
Last Modified:18 Jan 2018 17:43
Related URLs:
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Back to top Back to top