CSR-DMSS, SM: ConfVeal: Automated Testing of Security Configuration Enforcement in Distributed Networks

CSR-DMSS、SM：ConfVeal：分布式网络中安全配置实施的自动化测试

• 批准号: 1019223
• 负责人: Ehab Al-Shaer
• 金额: $ 21.29万
• 依托单位: University of North Carolina at Charlotte
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-01-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1019223&HistoricalAwards=false
• 关键词: CSR; DMSS; SM; ConfVeal; Automated

ConfVeal: Automated Testing of Security Conguration Enforcement in Access Control Devices As network security devices constantly updated in their implementation to accommodate new features, or new hardware optimization, the enforcement of the security conguration becomes questionable. In this project, we propose a fully automated pseudo-live testing system (called ConVeal) of security conguration enforcement of access control devices. Our system, ConfVeal, has two novel components: (1) Segmentation-based Test Trac Generator: it uses a novel technique that translates policy congurations into coarse and ne-grain segments in trac space and then generates packets intelligently according to the segment criticality in order to achieve high test space coverage, and (2) Comprehensive Policy Generator: it generates comprehensive policy proles considering various policy structures, eld values, rule complexity and interactions based on customized proles or learned features of existing policy conguration. This research will investigate fundamental issues related to security devices quality assurance. This is important for vendors, government and general consumers. We believe that our proposed research agenda will promote deployment new ecient techniques for access control conguration testing by vendors. New concepts and tools for testing security systems which will stimulate modeling and theorizing pseudo-live conguration testing in research and education. The project will integrate research and education through a close interaction between faculty and both graduate students.

ConfVeal：访问控制设备中的安全拥塞实施的自动化测试随着网络安全设备在其实现中不断更新以适应新的特征或新的硬件优化，安全拥塞的实施变得可疑。在这个项目中，我们提出了一个完全自动化的伪现场测试系统（称为ConVeal）的安全认证执行的访问控制设备。我们的系统ConfVeal有两个新颖的组件：（1）基于分段的测试Trac生成器：它使用一种新颖的技术，将策略聚集转换为trac空间中的粗粒度段，然后根据段关键性智能生成数据包，以实现高测试空间覆盖率，以及（2）综合策略生成器：它根据定制的问题或了解的现有策略配置的特征，考虑各种策略结构、eld值、规则复杂性和交互作用，生成全面的策略问题。本研究将探讨与安全设备质量保证相关的基本问题。这对供应商、政府和普通消费者都很重要。我们相信，我们提出的研究议程将促进部署新的ecient技术的访问控制性能测试的供应商。用于测试安全系统的新概念和工具，这将刺激研究和教育中的伪实时仿真测试的建模和理论化。该项目将通过教师和研究生之间的密切互动来整合研究和教育。