METHOD APPARATUS AND COMPUTER PROGRAM FOR TESTING NETWORK SECURITY POLICY

摘要

A method for testing security policy in a software-defined network according to an embodiment of the present invention comprises: a step A of transmitting a TCP SYN packet on a test target security function as a packet out message to a switch connected to the security function in a controller; a step B of determining that a failure has occurred in the security function when receiving an SYN response packet on the TCP SYN packet as a packet in message from the switch in the controller; and a step C of transmitting a temporary measure flow rule directing a packet related to a failure occurrence security function to drop, to the switch in the controller. The method can quickly take a measure on the failure of the security function.