upf_firewall
Local mirror of Formal Network Models and Their Application to Firewall Policies (UPF-Firewall) entry of the Archive of Formal Proofs (AFP).
Science Score: 31.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
○.zenodo.json file
-
○DOI references
-
○Academic publication links
-
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (7.2%) to scientific vocabulary
Keywords
Repository
Local mirror of Formal Network Models and Their Application to Firewall Policies (UPF-Firewall) entry of the Archive of Formal Proofs (AFP).
Basic Info
- Host: GitHub
- Owner: logicalhacking
- License: other
- Language: Isabelle
- Default Branch: main
- Size: 175 KB
Statistics
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
- Releases: 0
Topics
Metadata Files
README.md
Formal Network Models and Their Application to Firewall Policies (UPF_Firewall)
This git repository contains a local mirror of A Formal Network Model and Their Application to Firewall Policies entry of the Archive of Formal Proofs (AFP).
The official AFP releases are tagged. Additionally, this repository may contain extensions (i.e., a development version) that may be submitted (as an update of the UPF_Firewall entry) at a later stage.
Installation
This project depends on another AFP entry:
The Unified Policy Framework (UPF).
Please follow the official guidelines
for installing the AFP locally. For short:
* Download the complete AFP
* Extract the downloaded archive to an directory of your choice
* Let's assume the extracted archive lives in /home/isabelle/afp, now execute:
console
achim@logicalhacking:~$ isabelle components -u "/home/isabelle/afp/thys"
How to build
console
achim@logicalhacking:~$ isabelle build -D UPF_Firewall
Authors
- Achim D. Brucker
- Lukas Brügger
- Burkhart Wolff
License
This project is licensed under a 3-clause BSD-style license.
SPDX-License-Identifier: BSD-3-Clause
Upstream Repository
The upstream git repository, i.e., the single source of truth, for this project is hosted by the Software Assurance & Security Research Team at https://git.logicalhacking.com/afp-mirror/UPF_Firewall.
Publications
- Achim D. Brucker, Lukas Brügger, and Burkhart Wolff. Formal Firewall Conformance Testing: An Application of Test and Proof Techniques. In Software Testing, Verification & Reliability (STVR), 25 (1), pages 34-71, 2015. https://www.brucker.ch/bibliography/abstract/brucker.ea-formal-fw-testing-2014
Owner
- Name: Software Assurance & Security Research Team
- Login: logicalhacking
- Kind: organization
- Email: adbrucker@0x5f.org
- Location: Exeter, UK
- Website: https://logicalhacking.com
- Twitter: logicalhacking
- Repositories: 6
- Profile: https://github.com/logicalhacking
Git mirror of the Software Assurance & Security Research Team at the University of Exeter, UK. The team is headed by Achim D. Brucker (@adbrucker).
Citation (CITATION)
To cite the use of this formal theory, please use
Achim D. Brucker, Lukas Brügger, and Burkhart Wolff. Formal Network
Models and Their Application to Firewall Policies. In Archive of Formal
Proofs, 2017. http://www.isa-afp.org/entries/UPF_Firewall.shtml,
Formal proof development.
A BibTeX entry for LaTeX users is
@Article{ brucker.ea:upf-firewall:2017,
abstract = {We present a formal model of network protocols and their application to modeling firewall policies. The formalization is based on the \emph{Unified Policy Framework} (UPF). The formalization was originally developed with for generating test cases for testing the security configuration actual firewall and router (middle-boxes) using HOL-TestGen. Our work focuses on modeling application level protocols on top of tcp/ip.},
author = {Achim D. Brucker and Lukas Br{\"u}gger and Burkhart Wolff},
date = {2017-01-08},
file = {https://www.brucker.ch/bibliography/download/2017/brucker.ea-upf-firewall-outline-2017.pdf},
filelabel = {Outline},
issn = {2150-914x},
journal = {Archive of Formal Proofs},
month = {jan},
note = {\url{http://www.isa-afp.org/entries/UPF_Firewall.shtml}, Formal proof development},
pdf = {https://www.brucker.ch/bibliography/download/2017/brucker.ea-upf-firewall-2017.pdf},
title = {Formal Network Models and Their Application to Firewall Policies},
url = {https://www.brucker.ch/bibliography/abstract/brucker.ea-upf-firewall-2017},
year = {2017},
}
An overview of the formalization is given in:
Achim D. Brucker, Lukas Brügger, and Burkhart Wolff. Formal Firewall
Conformance Testing: An Application of Test and Proof Techniques. In
Software Testing, Verification & Reliability (STVR), 25 (1), pages
34-71, 2015.
https://www.brucker.ch/bibliography/abstract/brucker.ea-formal-fw-testing-2014
A BibTeX entry for LaTeX users is
@Article{ brucker.ea:formal-fw-testing:2014,
abstract = {Firewalls are an important means to secure
critical ICT infrastructures. As configurable
off-the-shelf prod\-ucts, the effectiveness of a
firewall crucially depends on both the correctness
of the implementation itself as well as the
correct configuration. While testing the
implementation can be done once by the
manufacturer, the configuration needs to be tested
for each application individually. This is
particularly challenging as the configuration,
implementing a firewall policy, is inherently
complex, hard to understand, administrated by
different stakeholders and thus difficult to
validate. This paper presents a formal model of
both stateless and stateful firewalls (packet
filters), including NAT, to which a
specification-based conformance test case
gen\-eration approach is applied. Furthermore, a
verified optimisation technique for this approach
is presented: starting from a formal model for
stateless firewalls, a collection of
semantics-preserving policy transformation rules
and an algorithm that optimizes the specification
with respect of the number of test cases required
for path coverage of the model are derived. We
extend an existing approach that integrates
verification and testing, that is, tests and
proofs to support conformance testing of network
policies. The presented approach is supported by a
test framework that allows to test actual
firewalls using the test cases generated on the
basis of the formal model. Finally, a report on
several larger case studies is presented.},
author = {Achim D. Brucker and Lukas Br{\"u}gger and Burkhart Wolff},
doi = {10.1002/stvr.1544},
journal = {Software Testing, Verification & Reliability (STVR)},
keywords= {model-based testing; conformance testing; security
testing; firewall; specification-based testing;
testing cloud infrastructure, transformation for
testability; HOL-TestGen; test and proof; security
configuration testing},
language= {USenglish},
number = {1},
pages = {34--71},
pdf = {https://www.brucker.ch/bibliography/download/2014/brucker.ea-formal-fw-testing-2014.pdf},
publisher= {John Wiley & Sons},
title = {Formal Firewall Conformance Testing: An Application of Test and Proof Techniques},
url = {https://www.brucker.ch/bibliography/abstract/brucker.ea-formal-fw-testing-2014},
volume = {25},
year = {2015},
}
GitHub Events
Total
Last Year
Issues and Pull Requests
Last synced: 12 months ago
All Time
- Total issues: 0
- Total pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Total issue authors: 0
- Total pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 0
- Pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Issue authors: 0
- Pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0