ConfVeal: Automated Testing of Security Configuration Enforcement in Access Control Devices

As network security devices are constantly updated in their implementation to accommodate new features or new hardware optimizations, the enforcement of their security configuration becomes questionable. In this project, we propose a fully automated pseudo-live testing system (called ConfVeal) for security configuration enforcement in access control devices. Our system, ConfVeal, has two novel components: (1) Segmentation-based Test Traffic Generator: it uses a novel technique that translates policy configurations into coarse and fine-grain segments in traffic space and then generates packets intelligently according to segment criticality in order to achieve high test space coverage, and (2) Comprehensive Policy Generator: it generates comprehensive policy profiles considering various policy structures, field values, rule complexity and interactions, based on customized profiles or learned features of existing policy configurations. This research will investigate fundamental issues related to quality assurance of security devices. This is important for vendors, government and general consumers. We believe that our proposed research agenda will promote the deployment of new efficient techniques for access control configuration testing by vendors, as well as new concepts and tools for testing security systems, which will stimulate modeling and theorizing about pseudo-live configuration testing in research and education. The project will integrate research and education through a close interaction between faculty and both graduate students.
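The segmentation idea described above can be sketched as follows. This is an added illustration, not ConfVeal's own code: it assumes a toy two-field traffic space, a constructed three-rule first-match policy, and a hypothetical criticality weight (more overlapping rules, more test packets). Each emitted packet carries the verdict the policy says it should get, to be compared with what the device under test actually does.

```python
from collections import defaultdict
from itertools import product

# Constructed sample policy: (src_lo, src_hi, dport_lo, dport_hi, action), first match wins.
# Sources are integers standing in for IPv4 addresses; all values are illustrative.
POLICY = [
    (10, 20, 80, 80, "deny"),
    (0, 50, 80, 443, "allow"),
    (15, 60, 22, 100, "deny"),
]
DEFAULT = "deny"
SPACE = (0, 100, 0, 1023)  # toy traffic space: src 0..100, dport 0..1023

def cuts(lo_idx, hi_idx, space_lo, space_hi):
    """Split one field into elementary intervals at every rule boundary."""
    pts = {space_lo, space_hi + 1}
    for r in POLICY:
        pts.update((r[lo_idx], r[hi_idx] + 1))
    pts = sorted(p for p in pts if space_lo <= p <= space_hi + 1)
    return [(a, b - 1) for a, b in zip(pts, pts[1:])]

def matching(src, dport):
    """Indices of all rules that match this packet, in policy order."""
    return tuple(i for i, (s0, s1, p0, p1, _) in enumerate(POLICY)
                 if s0 <= src <= s1 and p0 <= dport <= p1)

def segments():
    """Group elementary cells by the exact set of rules they match."""
    segs = defaultdict(list)
    for s, p in product(cuts(0, 1, SPACE[0], SPACE[1]), cuts(2, 3, SPACE[2], SPACE[3])):
        segs[matching(s[0], p[0])].append((s, p))
    return dict(segs)

def expected(rule_ids):
    """Verdict a correct device must return for a segment (first match, else default)."""
    return POLICY[rule_ids[0]][4] if rule_ids else DEFAULT

def generate_packets():
    """Emit boundary packets per segment; segments with more overlapping rules get more."""
    out = []
    for rule_ids, cells in segments().items():
        budget = 2 * (1 + len(rule_ids))  # assumed criticality weight
        corners = [(s, p) for (s0, s1), (p0, p1) in cells
                   for s, p in product({s0, s1}, {p0, p1})]
        for src, dport in sorted(set(corners))[:budget]:
            out.append((src, dport, expected(rule_ids)))
    return out
```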