Systematic Structural Testing of Firewall Policies


Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. As the quality of protection provided by a firewall directly depends on the quality of its policy (i.e., configuration), ensuring the correctness of firewall policies is important and yet difficult. To help ensure the correctness, we propose a systematic structural testing approach for firewall policies. We define structural coverage (based on coverage criteria of rules, predicates, and clauses) on the firewall policy under test. To achieve high structural coverage effectively, we have developed four automated packet generation techniques: the random packet generation, the one based on local constraint solving (considering individual rules locally in a policy), the one based on global constraint solving (considering multiple rules globally in a policy), and the one based on boundary values. We have conducted an experiment on a set of real policies and a set of faulty policies to detect faults with generated packet sets. Generally, our experimental results show that a packet set with higher structural coverage has higher fault-detection capability (i.e., detecting more injected faults). Our experimental results show that a reduced packet set (maintaining the same level of structural coverage with the corresponding original packet set) maintains similar fault-detection capability with the original set.

Did you like this research project?

To get this research project Guidelines, Training and Code... Click Here

PROJECT TITLE : Twitter and Research A Systematic Literature Review Through Text Mining ABSTRACT: Researchers have gathered Twitter data to investigate a variety of subjects. This growing body of knowledge, however, has yet to
PROJECT TITLE :Systematic Design of an Approximate Adder: The Optimized Lower Part Constant-OR Adder - 2018ABSTRACT:Exploiting the tradeoff between accuracy and hardware cost incorporates a tremendous potential to boost the efficiency
PROJECT TITLE :Energy and Area Efficient Three-Input XOR/XNORs With Systematic Cell Design Methodology - 2017ABSTRACT:In this temporary, we have a tendency to propose three efficient three-input XOR/XNOR circuits as the foremost
PROJECT TITLE : A Systematic Approach Toward Description and Classification of Cybercrime Incidents - 2017 ABSTRACT: The advancements in laptop systems and networks have created a replacement environment for criminal acts,
PROJECT TITLE : A Systematic Review on Educational Data Mining - 2017 ABSTRACT: Presently, instructional institutions compile and store huge volumes of knowledge, like student enrolment and attendance records, along with their

Ready to Complete Your Academic MTech Project Work In Affordable Price ?

Project Enquiry