Conformance Testing of Temporal Role-Based Access Control Systems

We propose an approach for conformance testing of implementations required to enforce access control policies specified using the Temporal Role-Based Access Control (TRBAC) model. The proposed approach uses Timed Input-Output Automata (TIOA) to model the behavior specified by a TRBAC policy. The TIOA model is transformed into a deterministic se-FSA model that captures any temporal constraint by using two special events, Set and Exp. The modified W-method and an integer-programming-based approach are used to construct a conformance test suite from the transformed model. The conformance test suite so generated provides complete fault coverage with respect to the proposed fault model for TRBAC specifications.
