Development of Test Tool for Testing Packet Filtering Functions  

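Kim, Hyeon-Soo (Department of Computer Engineering, Chungnam National University)
Park, Young-Dae (Samsung Electronics Co., Ltd., S/W Lab)
Kuk, Seung-Hak (Department of Computer Engineering, Chungnam National University)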
Abstract
Packet filtering filters out potentially malicious network packets. To test a packet filtering function, we should verify whether security policies are enforced correctly as intended. However, there are few existing tools for testing the function. Besides, they need user participation when generating test cases or deciding test results. Many security administrators bear the burden of systematically testing new security policies when they establish new policies or modify existing ones. To mitigate this burden, we suggest a new test method with minimal user participation. Our tool automates the generation of the test cases and of the test oracles. By using the automatically generated test oracles, test results can be decided without user intervention. Our method realizes automatic testing in three phases: test preparation, test execution, and test evaluation. As a result, it may enhance confidence in test activities. This paper describes the design and implementation of our test method and tool.
Keywords
Security systems; function test; Packet filtering; Security policy; Test oracle; Firewall;