Article

Blowtorch: a framework for firewall test automation

Authors:

Daniel Hoffman,

Kevin YooAuthors Info & Claims

ASE '05: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering

Pages 96 - 103

https://doi.org/10.1145/1101908.1101925

Published: 07 November 2005 Publication History

Get Access

Abstract

Firewalls play a crucial role in network security. Experience has shown that the development of firewall rule sets is complex and error prone. Rule set errors can be costly, by allowing damaging traffic in or by blocking legitimate traffic and causing essential applications to fail. Consequently, firewall testing is extremely important. Unfortunately, it is also hard and there is little tool support available.Blowtorch is a C++ framework for firewall test generation. The central construct is the packet iterator: an event-driven generator of timestamped packet streams. Blowtorch supports the development of packet iterators with a library for packet header creation and parsing, a transmit scheduler for multiplexing of multiple packet streams, and a receive monitor for demultiplexing of arriving packet streams. The framework provides iterators which generate packet streams using covering arrays, production grammars, and replay of captured TCP traffic. Blowtorch has been used to develop tests for industrial firewalls that are placed between an IT network and a process control network.

References

[1]

Protos - security testing of protocol implementations, 2000. http://www.ee.oulu./research/ouspg/protos/.

Google Scholar

[2]

K. Al-Tawil and I. A. Al-Kaltham. Evaluation and testing of internet rewalls. Int. J. Netw. Manag., 9(3):135--149, 1999.

Digital Library

Google Scholar

[3]

E. Byres and K. Savage. NISCC good practice guide on rewall deployment for SCADA and process control networks. http://www.niscc.gov.uk/niscc/docs/re20050223-00157.pdf, 2005.

Google Scholar

[4]

D. M. Cohen, S. R. Dalal, J. Parelius, and G. C. Patton. The combinatorial design approach to automatic test generation. IEEE Softw., 13(5):83--88, 1996.

Digital Library

Google Scholar

[5]

A. G. Duncan and J. S. Hutchison. Using attributed grammars to test designs and implementations. In ICSE '81: Proceedings of the 5th international conference on Software engineering, pages 170--178, Piscataway, NJ, USA, 1981. IEEE Press.

Digital Library

Google Scholar

[6]

D. Hoffman and E. Byres. Worlds in collision: Ethernet on the plant oor. In ISA Emerging Technologies Conference. Instrumentation Systems and Automation Society, Oct. 2002.

Google Scholar

[7]

J. Jurjens and G. Wimmel. Specification based testing of rewalls. In 4th International Conference Perspectives of System Informatics, 2001.

Digital Library

Google Scholar

[8]

J. Labrosse. MicroC OS II: the Real Time Kernel. CMP Books, second edition, 2002.

Digital Library

Google Scholar

[9]

A. Mayer, A. Wool, and E. Ziskind. Fang: A rewall analysis engine. In SP '00: Proceedings of the 2000 IEEE Symposium on Security and Privacy (S&P 2000), page 177, Washington, DC, USA, 2000. IEEE Computer Society.

Digital Library

Google Scholar

[10]

B. McCarty. Red Hat Linux Firewalls. Wiley Publishing, first edition, 2003.

Digital Library

Google Scholar

[11]

J. Sommers, V. Yegneswaran, and P. Barford. A framework for malicious workload generation. In IMC '04: Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pages 82--87, New York, NY, USA, 2004. ACM Press.

Digital Library

Google Scholar

[12]

K. C. Tai and Y. Lie. A test generation strategy for pairwise testing. IEEE Trans. Softw. Eng., 28(1):109--111, 2002.

Digital Library

Google Scholar

[13]

A. S. Tanenbaum. Computer Networks. Prentice Hall, fourth edition, 2003.

Digital Library

Google Scholar

[14]

A. Wool. A quantitative study of rewall configuration errors. Computer Magazine, pages 62--67, 2004.

Digital Library

Google Scholar

Cited By

View all

Barakat RCatal FTcholtchev NRebahi YSchieferdecker I(2020)Industrial Grade Methodology for Firewall Simulation and Requirements VerificationNOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium10.1109/NOMS47738.2020.9110345(1-7)Online publication date: 20-Apr-2020
https://dl.acm.org/doi/10.1109/NOMS47738.2020.9110345
Reaz RAcharya HElmallah ECobb JGouda M(2019)Policy expressions and the bottom-up design of computing policiesComputing10.1007/s00607-018-0655-0101:9(1307-1326)Online publication date: 1-Sep-2019
https://dl.acm.org/doi/10.1007/s00607-018-0655-0
Khoumsi AErradi M(2019)Automata-Based Bottom-Up Design of Conflict-Free Security Policies Specified as Policy ExpressionsNetworked Systems10.1007/978-3-030-05529-5_23(343-357)Online publication date: 5-Jan-2019
https://doi.org/10.1007/978-3-030-05529-5_23
Show More Cited By

Index Terms

Blowtorch: a framework for firewall test automation
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Network processor acceleration for a Linux* netfilter firewall
ANCS '05: Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems

Network firewalls occupy a central role in computer security, protecting data, compute, and networking resources while still allowing useful packets to flow. Increases in both the work per network packet and packet rate make it increasingly difficult ...
Application of evolutionary algorithm in performance optimization of embedded network firewall
Abstract
With the development of the network, the problem of network security is becoming increasingly serious. The importance of a firewall as the "first portal" to network security is obvious. In order to cope with a complex network environment, the ...
Implementation of a Programmatic Automated Testing Tool Based on Java
ICEE '12: Proceedings of the 2012 3rd International Conference on E-Business and E-Government - Volume 02

Traditional testing technology of graphical user interface (GUI) testing is capture and replay (CR). Commonly, CR technique can not be used before Java Application Under Test (JAUT) which is completely developed. In this paper, it proposed a Java ...

Comments

Information & Contributors

Information

Published In

ASE '05: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering

November 2005

482 pages

ISBN:1581139934

DOI:10.1145/1101908

General Chair:
David Redmiles
University of California, Irvine, CA
,
Program Chairs:
Tom Ellman
Vassar College
,
Andrea Zisman
City University, UK

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

ASE05

Sponsor:

ASE05: International Conference on Automated Software Engineering 2005

November 7 - 11, 2005

CA, Long Beach, USA

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

28
Total Citations
View Citations
787
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Barakat RCatal FTcholtchev NRebahi YSchieferdecker I(2020)Industrial Grade Methodology for Firewall Simulation and Requirements VerificationNOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium10.1109/NOMS47738.2020.9110345(1-7)Online publication date: 20-Apr-2020
https://dl.acm.org/doi/10.1109/NOMS47738.2020.9110345
Reaz RAcharya HElmallah ECobb JGouda M(2019)Policy expressions and the bottom-up design of computing policiesComputing10.1007/s00607-018-0655-0101:9(1307-1326)Online publication date: 1-Sep-2019
https://dl.acm.org/doi/10.1007/s00607-018-0655-0
Khoumsi AErradi M(2019)Automata-Based Bottom-Up Design of Conflict-Free Security Policies Specified as Policy ExpressionsNetworked Systems10.1007/978-3-030-05529-5_23(343-357)Online publication date: 5-Jan-2019
https://doi.org/10.1007/978-3-030-05529-5_23
Acharya H(2018)Parallel Processing of Packets with a PRAMProceedings of the 19th International Conference on Distributed Computing and Networking10.1145/3154273.3154334(1-9)Online publication date: 4-Jan-2018
https://dl.acm.org/doi/10.1145/3154273.3154334
Elmallah EGouda M(2017)Hardness of Firewall AnalysisIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2015.245553214:3(339-349)Online publication date: 1-May-2017
https://dl.acm.org/doi/10.1109/TDSC.2015.2455532
Reaz RAcharya HElmallah ECobb JGouda M(2017)Policy Expressions and the Bottom-Up Design of Computing PoliciesNetworked Systems10.1007/978-3-319-59647-1_12(151-165)Online publication date: 14-May-2017
https://doi.org/10.1007/978-3-319-59647-1_12
Valenza FVallini MLioy AYou IBertino E(2016)Online and Offline Security Policy AssessmentProceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats10.1145/2995959.2995970(101-104)Online publication date: 28-Oct-2016
https://dl.acm.org/doi/10.1145/2995959.2995970
Acharya HKumar SWadhwa MShah A(2016)Rules in play: On the complexity of routing tables and firewalls2016 IEEE 24th International Conference on Network Protocols (ICNP)10.1109/ICNP.2016.7784426(1-10)Online publication date: Nov-2016
https://doi.org/10.1109/ICNP.2016.7784426
Heule MReaz RAcharya HGouda M(2016)Analysis of Computing Policies Using SAT Solvers (Short Paper)Stabilization, Safety, and Security of Distributed Systems10.1007/978-3-319-49259-9_16(190-194)Online publication date: 3-Nov-2016
https://doi.org/10.1007/978-3-319-49259-9_16
Khoumsi AErradi MAyache MKrombi W(2016)An Approach to Resolve NP-Hard Problems of FirewallsNetworked Systems10.1007/978-3-319-46140-3_19(229-243)Online publication date: 15-Sep-2016
https://doi.org/10.1007/978-3-319-46140-3_19
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Network processor acceleration for a Linux* netfilter firewall

Application of evolutionary algorithm in performance optimization of embedded network firewall

Implementation of a Programmatic Automated Testing Tool Based on Java

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations