CSR-DMSS, SM: ConfVeal: Automated Testing of Security Configuration Enforcement in Distributed Networks

CSR-DMSS、SM：ConfVeal：分布式网络中安全配置实施的自动化测试

• 批准号: 1019223
• 负责人: Ehab Al-Shaer
• 金额: $ 21.29万
• 依托单位: University of North Carolina at Charlotte
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-01-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1019223&HistoricalAwards=false
• 关键词: CSR; DMSS; SM; ConfVeal; Automated

ConfVeal: Automated Testing of Security Conguration Enforcement in Access Control Devices As network security devices constantly updated in their implementation to accommodate new features, or new hardware optimization, the enforcement of the security conguration becomes questionable. In this project, we propose a fully automated pseudo-live testing system (called ConVeal) of security conguration enforcement of access control devices. Our system, ConfVeal, has two novel components: (1) Segmentation-based Test Trac Generator: it uses a novel technique that translates policy congurations into coarse and ne-grain segments in trac space and then generates packets intelligently according to the segment criticality in order to achieve high test space coverage, and (2) Comprehensive Policy Generator: it generates comprehensive policy proles considering various policy structures, eld values, rule complexity and interactions based on customized proles or learned features of existing policy conguration. This research will investigate fundamental issues related to security devices quality assurance. This is important for vendors, government and general consumers. We believe that our proposed research agenda will promote deployment new ecient techniques for access control conguration testing by vendors. New concepts and tools for testing security systems which will stimulate modeling and theorizing pseudo-live conguration testing in research and education. The project will integrate research and education through a close interaction between faculty and both graduate students.

由于网络安全设备的实现不断更新，以适应新的特性或新的硬件优化，因此安全配置的实施变得值得怀疑。在这个项目中，我们提出了一个访问控制设备安全配置强制执行的全自动伪实时测试系统（称为conval）。我们的系统ConfVeal有两个新颖的组成部分：(1)基于分段的测试轨迹生成器：它使用一种新颖的技术，将策略配置转换为轨迹空间中的粗粒和新粒段，然后根据段的临界性智能生成数据包，以实现高测试空间覆盖率；(2)综合策略生成器：它基于自定义的proles或现有策略配置的学习特征，生成综合的策略proles，考虑各种策略结构、字段值、规则复杂性和交互。本研究将探讨与安全装置品质保证相关的基本问题。这对供应商、政府和普通消费者都很重要。我们相信，我们提出的研究议程将促进厂商部署新的访问控制配置测试高效技术。用于测试安全系统的新概念和工具，将在研究和教育中促进模拟和理论化伪实时配置测试。该项目将通过教师和研究生之间的密切互动，将研究和教育结合起来。