verified firewall policy transformations for test case
play

Verified Firewall Policy Transformations for Test Case Generation - PowerPoint PPT Presentation

Mar 09, 2024 •329 likes •629 views

Verified Firewall Policy Transformations for Test Case Generation Achim D. Brucker 1 ugger 2 Lukas Br Paul Kearney 3 Burkhart Wolff 4 1 SAP Research, Germany 2 Information Security, ETH Z urich, Switzerland 3 Security Futures Practice, BT

  1. Verified Firewall Policy Transformations for Test Case Generation Achim D. Brucker 1 ugger 2 Lukas Br¨ Paul Kearney 3 Burkhart Wolff 4 1 SAP Research, Germany 2 Information Security, ETH Z¨ urich, Switzerland 3 Security Futures Practice, BT Innovate & Design, UK 4 Universit´ e Paris-Sud, France ICST 2010 –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 1 / 27

  2. Motivation 1 Background 2 Firewall Testing: the Direct Approach 3 Scenario Model Testing Firewall Testing: the Optimized Approach 4 The Idea The Method Empirical Results Conclusion 5 –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 2 / 27

  3. Motivation Motivation 1 Background 2 Firewall Testing: the Direct Approach 3 Firewall Testing: the Optimized Approach 4 Conclusion 5 –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 3 / 27

  4. Motivation Motivation Firewalls are cornerstones of security infrastructures Policies often change heavily over time Their configuration varies and is highly error-prone: “NSA found that inappropriate or incorrect security configurations were responsible for 80 percent of Air Force vulnerabilities.” Our goal: Test if a firewall configuration conforms to a specification –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 4 / 27

  5. Motivation Motivation Scenario 2: Networks Scenario 1: Single Firewall Internet (extern) DMZ H2 B A H1 H5 Intranet (intern) �� �� �� �� �� �� �� �� H3 H4 Our goal: Test if several network component configurations conform to a specification –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 5 / 27

  6. Background Motivation 1 Background 2 Firewall Testing: the Direct Approach 3 Firewall Testing: the Optimized Approach 4 Conclusion 5 –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 6 / 27

  7. Background Model-based Testing with HOL-TestGen An interactive model-based test tool built upon the theorem prover Isabelle/HOL generates test drivers successfully used in various case-studies freely available at: http://www.brucker.ch/projects/hol-testgen/ –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 7 / 27

  8. Firewall Testing: the Direct Approach Motivation 1 Background 2 Firewall Testing: the Direct Approach 3 Scenario Model Testing Firewall Testing: the Optimized Approach 4 Conclusion 5 –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 8 / 27

  9. Firewall Testing: the Direct Approach Scenario A Typical Scenario Internet (extern) DMZ Intranet (intern) �� �� �� �� �� �� �� �� source destination protocol port action Internet dmz smtp 25 allow Internet dmz http 80 allow dmz intranet smtp 25 allow intranet dmz imaps 993 allow intranet Internet http 80 allow any any any any deny In this talk, firewalls are stateless packet filters HOL-TestGen can also handle stateful firewalls (not considered in this talk) –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 9 / 27

  10. Firewall Testing: the Direct Approach Model HOL-Model of a Firewall Policy A firewall makes a decision based on single packets. types ( α , β ) packet = id × ( α ::adr) src × ( α ::adr) dest × β content Different address and content representations are possible. A policy either allows or denies a packet: datatype α decision = allow α | deny α A policy is a mapping from packets to decisions: types ( α , β ) Policy = ( α , β ) packet ⇀ (( α , β ) packet) decision A library of policy combinators allows to define policies on a natural level: definition allow all from :: ( α ::adr) net ⇒ ( α , β ) Policy where allow all from src net ≡ allow all | ‘ { pa. src pa ⊏ src net } –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 10 / 27

  11. Firewall Testing: the Direct Approach Model The Policy source destination protocol port action Internet dmz smtp 25 allow Internet dmz http 80 allow dmz intranet smtp 25 allow intranet dmz imaps 993 allow intranet Internet http 80 allow any any any any deny definition Policy ≡ deny all ++ allow port intranet internet 80 ++ allow port intranet dmz 993 ++ allow port dmz intranet 25 ++ allow port internet dmz 80 ++ allow port internet dmz 25 –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 11 / 27

  12. Firewall Testing: the Direct Approach Testing Testing Stateless Firewalls The test specification: test spec test: “ P x = ⇒ FUT x = Policy x’’ FUT : Placeholder for Firewall Under Test P : a predicate specifying which kind of packets we are interested in. E.g.: wellformed packets which cross some network boundary. Generates test data like: FUT (12, ((7,13,12,10),6), ((172,168,2,1),80), content) = Some (deny (12, ((7,13,12,10),6), ((172,168,2,1),80), content)) –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 12 / 27

  13. Firewall Testing: the Direct Approach Testing Problems with the direct approach The direct approach does not scale: R1 R2 R3 R4 Networks 3 3 4 3 Rules 12 9 13 13 TC Generation Time (sec) 26382 187 59364 1388 Test Cases 1368 264 1544 470 –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 13 / 27

  14. Firewall Testing: the Direct Approach Testing Problems with the direct approach The direct approach does not scale: R1 R2 R3 R4 Networks 3 3 4 3 Rules 12 9 13 13 TC Generation Time (sec) 26382 187 59364 1388 Test Cases 1368 264 1544 470 Reason: Large cascades of case distinctions over input and output However, many of these case splits are redundant –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 13 / 27

  15. Firewall Testing: the Optimized Approach Motivation 1 Background 2 Firewall Testing: the Direct Approach 3 Firewall Testing: the Optimized Approach 4 The Idea The Method Empirical Results Conclusion 5 –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 14 / 27

  16. Firewall Testing: the Optimized Approach The Idea Idea Input to test case generation is a representation of the model Test case generation depends on that specific representation Use a representation of (semantically equivalent) model, which is “easier” to test Idea is to remove redundant case-splits beforehand; they can be detected syntactically on a sequence of policy rules Make transformations between representations automatic and verify them in Isabelle –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 15 / 27

  17. Firewall Testing: the Optimized Approach The Idea Model Transformations for Test Case Generation (1/2) Verified Model Transformation Model of Firewall Optimized Model Policy of Firewall Policy Test Case Generation Test Case Generation Test Cases Test Cases –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 16 / 27

  18. Firewall Testing: the Optimized Approach The Idea Model Transformations for Test Case Generation (2/2) Idea is fundamental to model-based test case generation. E.g.: if x < − 10 then if x < 0 then P else Q else Q if x < − 10 then P else Q lead to different test cases –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 17 / 27

  19. Firewall Testing: the Optimized Approach The Idea Model Transformations for Test Case Generation (2/2) Idea is fundamental to model-based test case generation. E.g.: if x < − 10 then if x < 0 then P else Q else Q if x < − 10 then P else Q lead to different test cases Similarly, the following two policies produce a different set of test cases: deny all ++ deny port dmz internet 21 ++ allow all from to dmz internet deny all ++ allow all from to dmz internet –sourcefile– –revision– 2010-04-08 –time– –owner– Brucker, Br¨ ugger, Kearney, Wolff Verified Policy Transformations () ICST 2010 17 / 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical Systems Stefan Mitsch Computer Science Department, Carnegie Mellon University CPS V&amp;V I&amp;F Workshop 2017 May 12, 2017 joint work with Andr e

537 views • 31 slides
Model-Based Testing: Automated Generation of Test Cases, Test Data, and Test Procedures from

Model-Based Testing: Automated Generation of Test Cases, Test Data, and Test Procedures from

Model-Based Testing: Automated Generation of Test Cases, Test Data, and Test Procedures from SysML Models Jrg Brauer and Jan Peleska Verified Systems International GmbH support@verified.de Space Tech Expo Europe 2015-11-19 Motivation

499 views • 26 slides
Sophos XG Firewall IP Partners ICT Systems &amp; Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems &amp; Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems &amp; Services www.ippartners.gr XG Firewall Overview Todays top firewall problems What IT managers say about their existing firewall Firewall Satisfaction Survey (Spiceworks 2017) Top

548 views • 52 slides
VERIFIED OPERATIONAL TRANSFORMATIONS FOR TREES Sergey Sinchuk, Pavel Chuprkov , Konstantin

VERIFIED OPERATIONAL TRANSFORMATIONS FOR TREES Sergey Sinchuk, Pavel Chuprkov , Konstantin

VERIFIED OPERATIONAL TRANSFORMATIONS FOR TREES Sergey Sinchuk, Pavel Chuprkov , Konstantin Solomatov Interactive Theorem Proving 2016 INTRODUCTION REAL-TIME COLLABORATIVE EDITOR A collaborative editor allows multiple users to edit a shared

668 views • 37 slides
Phase Transformations &amp; Hardenability of Steels (Jominy EndQuench Test) Jominy End

Phase Transformations &amp; Hardenability of Steels (Jominy EndQuench Test) Jominy End

Phase Transformations / Hardenability (Jominy EndQuench) Presentation Fall '15 (2151) Experiment #7 Phase Transformations &amp; Hardenability of Steels (Jominy EndQuench Test) Jominy End Quench Test ASTM Standard A255 Concept

169 views • 12 slides
Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation controlled connection between networks at different security levels = boundary protection ( L1 &gt; L2 ) network at network at security

1.07k views • 67 slides
Transformations Composition of Transformations Congruence Transformations Dilations Similarity

Transformations Composition of Transformations Congruence Transformations Dilations Similarity

Slide 1 / 145 Slide 2 / 145 Geometry Transformations 2014-09-08 www.njctl.org Slide 3 / 145 Slide 4 / 145 Table of Contents click on the topic to go to that section Transformations Translations Reflections Rotations Transformations

464 views • 25 slides
Transformations Composition of Transformations Congruence Transformations Dilations

Transformations Composition of Transformations Congruence Transformations Dilations

Slide 1 / 154 Slide 2 / 154 Geometry Transformations 2014-09-08 www.njctl.org Slide 3 / 154 Slide 4 / 154 Table of Contents click on the topic to go to that section Transformations Translations Reflections Rotations

643 views • 26 slides
Transformations Composition of Transformations Congruence Transformations Dilations

Transformations Composition of Transformations Congruence Transformations Dilations

Slide 1 / 154 Slide 2 / 154 Geometry Transformations 2014-09-08 www.njctl.org Slide 3 / 154 Slide 4 / 154 Table of Contents click on the topic to go to that section Transformations Translations Reflections Rotations

581 views • 45 slides
Firewall Architectures for High-Speed Networks Errin W. Fulp DOE Network Research PI Meeting

Firewall Architectures for High-Speed Networks Errin W. Fulp DOE Network Research PI Meeting

Firewall Architectures for High-Speed Networks Errin W. Fulp DOE Network Research PI Meeting September 28, 2005 1 Project Objectives Methods that improve network firewall performance 1. Develop policy optim ization techniques Formal

221 views • 9 slides
Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts and networks connected to other hosts and networks against attacks from the outside and from the inside. a firewall is a network security system

440 views • 30 slides
Class Session 4 Firewalls Exercise 1 You are asked to design the firewall policy for the

Class Session 4 Firewalls Exercise 1 You are asked to design the firewall policy for the

Class Session 4 Firewalls Exercise 1 You are asked to design the firewall policy for the following network. Note that these are stateful , bidirectional firewalls . The only flags you need to worry about are SYN and SYN-ACK. The following

415 views • 3 slides
Make the Internet safe with DNS firewall Response Policy Zones (RPZ) SGNOG 7 2019 2 Great

Make the Internet safe with DNS firewall Response Policy Zones (RPZ) SGNOG 7 2019 2 Great

1 Make the Internet safe with DNS firewall Response Policy Zones (RPZ) SGNOG 7 2019 2 Great Asean Fastest Growing Area of Threats Over 200 Billion devices connected worldwide by 2020. Over 13 million active bots recorded for January 2019.

766 views • 38 slides
Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly Creswell Crow-Applegate-Lorane Fern Ridge Junction City Lowell Mapleton Screened, but exempt from policies Marcola

539 views • 15 slides
Automated Test Case Generation or: How to not write test cases Stefan Klikovits EN-ICE-SCD

Automated Test Case Generation or: How to not write test cases Stefan Klikovits EN-ICE-SCD

Automated Test Case Generation Stefan Klikovits Automated Test Case Generation or: How to not write test cases Stefan Klikovits EN-ICE-SCD Universit e de Gen` eve 28 th September, 2015 Automated Test Reminder: Testing is not easy Case

609 views • 33 slides
Testing: Our Experiences Test Case Sof tware Testing Software to be tested Output When to

Testing: Our Experiences Test Case Sof tware Testing Software to be tested Output When to

Testing: Our Experiences Test Case Sof tware Testing Software to be tested Output When to Stop? A Real Testing Example Test Case Generation Test Cases Just a list. Test Case {1,3,2} SPECS: A sorted list. {1,2,3} Takes a list

316 views • 7 slides
Architecture and Implement on 3000 Nodes Bare Metal Cloud in China Mobile Yuntong Jin, Li Hao,

Architecture and Implement on 3000 Nodes Bare Metal Cloud in China Mobile Yuntong Jin, Li Hao,

Architecture and Implement on 3000 Nodes Bare Metal Cloud in China Mobile Yuntong Jin, Li Hao, Yao Jun yuntong.jin@intel.com lihao@cmss.chinamobile.com yaojun@cmss.chinamobile.com ecloud.10086.cn Agenda Practice of Openstack in CMCC

554 views • 20 slides
SCIENCE DMZ William Bear Ed Clark Eric Tornoe SCIENCE DRIVERS Dr. Tom Hickson- Geology

SCIENCE DMZ William Bear Ed Clark Eric Tornoe SCIENCE DRIVERS Dr. Tom Hickson- Geology

TOMMIE SCIENCE DMZ William Bear Ed Clark Eric Tornoe SCIENCE DRIVERS Dr. Tom Hickson- Geology 3-Dimensional Imaging- Bringing the Landscape into the Classroom Regular movement of &lt;1TB datasets Dr. Josh Layfield- Chemistry Chemistry at

223 views • 5 slides
Network futures: AARNet4, Science DMZ, SDN David Wilde David Wilde AAR AARNet Copy opyright

Network futures: AARNet4, Science DMZ, SDN David Wilde David Wilde AAR AARNet Copy opyright

AAR AARNet Copy opyright 2015 2015 Network futures: AARNet4, Science DMZ, SDN Network futures: AARNet4, Science DMZ, SDN David Wilde David Wilde AAR AARNet Copy opyright 2015 2015 Network futures: AARNet4, Science DMZ, SDN THETA //

638 views • 50 slides
Quantifying Urban Growth in Dubai Emirate: A Geoinformatics Approach Ahmed K. Nassar 1, 2 , G. Alan

Quantifying Urban Growth in Dubai Emirate: A Geoinformatics Approach Ahmed K. Nassar 1, 2 , G. Alan

Quantifying Urban Growth in Dubai Emirate: A Geoinformatics Approach Ahmed K. Nassar 1, 2 , G. Alan Blackburn 1 and J. Duncan Whyatt 1 1 Lancaster Environment Centre, Lancaster University, Lancaster, LA1 4YW, UK 2 United Arab Emirates University,

430 views • 9 slides
Trustworthy Design Architecture: Cyber- Physical System Peter Choi, PhD, CISSP, CSSLP Sandia

Trustworthy Design Architecture: Cyber- Physical System Peter Choi, PhD, CISSP, CSSLP Sandia

d Trustworthy Design Architecture: Cyber- Physical System Peter Choi, PhD, CISSP, CSSLP Sandia National Laboratories Adrian Chavez Sandia National Laboratories Sandia National Laboratories is a multimission laboratory managed and operated

415 views • 19 slides
Salt A Scalable Systems Management Solution for Datacenters Open Source Data Center

Salt A Scalable Systems Management Solution for Datacenters Open Source Data Center

Salt A Scalable Systems Management Solution for Datacenters Open Source Data Center Conference April 26-28, 2016 Sebastian Meyer Linux Consultant &amp; Trainer B1 Systems GmbH meyer@b1-systems.de B1 Systems GmbH - Linux/Open Source

669 views • 47 slides
AD22 - The Lord of the Rings: DevOps Edition

AD22 - The Lord of the Rings: DevOps Edition

AD22 DevOps Practices 3:00 PM AD22 - The Lord of the Rings: DevOps Edition Presented by: Joseph Ours

534 views • 40 slides
Benefits of the Fulbright International Education Administrator Seminars Perspectives from

Benefits of the Fulbright International Education Administrator Seminars Perspectives from

Benefits of the Fulbright International Education Administrator Seminars Perspectives from Members of the 2013 Japan Cohort Dale LaFleur, Director, Institutional Relations, University of Arizona Eveadean M. Myers , Vice President Equity,

357 views • 20 slides

More recommend