A formal approach for testing security rules
- 20 June 2007
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 12th ACM symposium on Access control models and technologies - SACMAT '07
- p. 127-132
- https://doi.org/10.1145/1266840.1266860
Abstract
Nowadays, security policies are the key point of every modern infrastructure. The specification and the testing of such policies are the fundamental steps in the development of a secure system, since any error in a set of rules is likely to harm the global security. To address both challenges, we propose a framework to specify security policies and test their implementation on a system. Our framework makes it possible to generate test sequences automatically in order to validate the conformance of a security policy. System behavior is specified using a formal description technique based on extended finite state machines (EFSM) [12]. The integration of security rules within the system specification is performed by specific algorithms. Then, the automatic test generation is performed using a dedicated tool, called SIRIUS, developed in our laboratory. Finally, we briefly present a weblog system as a case study to demonstrate the reliability of our framework.
This publication has 4 references indexed in Scilit:
- Analysis of Policy Anomalies on Distributed Network Security Setups. Lecture Notes in Computer Science, 2006
- Test Generation for Network Security Rules. Lecture Notes in Computer Science, 2006
- Firewall Conformance Testing. Lecture Notes in Computer Science, 2005
- Principles and methods of testing finite state machines-a survey. Proceedings of the IEEE, 1996