论文信息 - A formal approach for testing security rules

A formal approach for testing security rules

Nowadays, security policies are the key point of every modern infrastructure. The specification and the testing of such policies are the fundamental steps in the development of a secure system since any error in a set of rules is likely to harm the global security. To address both challenges, we propose a framework to specify security policies and test their implementation on a system. Our framework makes it possible to generate in an automatic manner, test sequences, in order to validate the conformance of a security policy. system behavior is specified using a formal description technique based on extended finite state machine (EFSM) [12]. The integration of security rules within the system specification is performed by specific algorithms. Then, the automatic tests generation is performed using a dedicated tool, called SIRIUS, developed in our laboratory. Finally, we briefly present a weblog system as a case study to demonstrate the reliability of our framework.

[1] Alfred V. Aho,et al. An optimization technique for protocol conformance test generation based on UIO sequences and rural Chinese postman tours , 1991, IEEE Trans. Commun..

[2] David Lee,et al. Principles and methods of testing finite state machines-a survey , 1996, Proc. IEEE.

[3] Ana R. Cavalli,et al. Hit-or-Jump: An algorithm for embedded testing with applications to IN services , 1999, FORTE.

[4] Jorge Lobo,et al. A Policy Description Language , 1999, AAAI/IAAI.

[5] Emil C. Lupu,et al. The Ponder Policy Specification Language , 2001, POLICY.

[6] Emil C. Lupu,et al. A Survey of Policy Specification Approaches , 2002 .

[7] Frédéric Cuppens,et al. Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[8] David A. Basin,et al. Firewall Conformance Testing , 2005, TestCom.

[9] Roland Groz,et al. Test Generation for Network Security Rules , 2006, TestCom.

[10] Nora Cuppens-Boulahia,et al. Analysis of Policy Anomalies on Distributed Network Security Setups , 2006, ESORICS.

[11] Nora Cuppens-Boulahia,et al. Towards Filtering and Alerting Rule Rewriting on Single-Component Policies , 2006, SAFECOMP.

[12] Nora Cuppens-Boulahia,et al. High Level Conflict Management Strategies in Advanced Access Control Models , 2007, ICS@SYNASC.