CSR-DMSS, SM: ConfVeal: Automated Testing of Security Configuration Enforcement in Distributed Networks

CSR-DMSS、SM：ConfVeal：分布式网络中安全配置实施的自动化测试

• 批准号: 1019223
• 负责人: Ehab Al-Shaer
• 金额: $ 21.29万
• 依托单位: University of North Carolina at Charlotte
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-01-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1019223&HistoricalAwards=false
• 关键词: CSR; DMSS; SM; ConfVeal; Automated

ConfVeal: Automated Testing of Security Conguration Enforcement in Access Control Devices As network security devices constantly updated in their implementation to accommodate new features, or new hardware optimization, the enforcement of the security conguration becomes questionable. In this project, we propose a fully automated pseudo-live testing system (called ConVeal) of security conguration enforcement of access control devices. Our system, ConfVeal, has two novel components: (1) Segmentation-based Test Trac Generator: it uses a novel technique that translates policy congurations into coarse and ne-grain segments in trac space and then generates packets intelligently according to the segment criticality in order to achieve high test space coverage, and (2) Comprehensive Policy Generator: it generates comprehensive policy proles considering various policy structures, eld values, rule complexity and interactions based on customized proles or learned features of existing policy conguration. This research will investigate fundamental issues related to security devices quality assurance. This is important for vendors, government and general consumers. We believe that our proposed research agenda will promote deployment new ecient techniques for access control conguration testing by vendors. New concepts and tools for testing security systems which will stimulate modeling and theorizing pseudo-live conguration testing in research and education. The project will integrate research and education through a close interaction between faculty and both graduate students.

访问控制设备中安全配置强制执行的自动测试随着网络安全设备在其实施过程中不断更新以适应新功能或新的硬件优化，安全强制执行变得可疑。在这个项目中，我们提出了一个访问控制设备安全拥塞强制执行的全自动化伪实时测试系统(称为ConVere)。我们的系统ConfVere有两个新的组成部分：(1)基于分段的测试轨迹生成器：它使用了一种新的技术，将策略拥塞转换为轨迹空间中的粗粒度和细粒度段，然后根据段的关键程度智能地生成分组，以实现高测试空间覆盖率；(2)综合策略生成器：它基于定制的无产者或现有策略一致性的学习特征，生成综合的策略ProLE。这项研究将调查与安全设备质量保证相关的基本问题。这对供应商、政府和普通消费者都很重要。我们相信，我们提出的研究议程将促进供应商为访问控制拥塞测试部署新的专用技术。用于测试安全系统的新概念和工具，这将促进在研究和教育中对伪实时充血测试进行建模和理论化。该项目将通过教师和研究生之间的密切互动将研究和教育结合起来。