Team Edit Automata for Testing Security Property

This paper introduces a mathematical model, called team edit automata, for evaluating software security properties. We use the model to describe security properties and their interactions in software programs. The component automata can suppress and insert actions and report possible flaws; they are used to specify individual security properties. The team is composed of multiple component automata interacting through shared actions. It models the situation where a single program event is of concern to several security properties at once. The paper concludes with a case study of detecting memory management and pointer manipulation flaws in C/C++ programs.
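The following is an added illustration of the model the abstract describes, written for this page; it is not code from the paper and the paper's actual formalism may differ in detail. It assumes a trace of program events of the form `(kind, pointer)` with the constructed kinds `malloc`, `check`, `use` and `free`, two hypothetical component automata (one for block lifetime, one for NULL-checking before first use), and a simple team rule: a shared action is stepped by every component whose alphabet contains it, it is emitted only if no component suppresses it, and any action a component inserts is emitted ahead of it.

```python
from dataclasses import dataclass
from typing import Callable

# A program event is (kind, pointer); the kinds below are constructed for this example.

@dataclass
class Component:
    """One component edit automaton. `alphabet` is the set of action kinds it
    reacts to; `step(state, action)` returns (new_state, output_actions, flaw):
    output_actions is [] (suppress), [action] (pass) or [inserted..., action]
    (insert); flaw is a string describing a detected problem, or None."""
    name: str
    alphabet: frozenset
    step: Callable
    state: object


def lifetime_step(state, action):
    """Property 1: each block is freed exactly once and never used after free."""
    live, freed = state
    kind, ptr = action
    if kind == "malloc":
        return (live | {ptr}, freed - {ptr}), [action], None
    if kind == "free":
        if ptr in freed:
            return state, [], f"double free of {ptr}"          # suppress + report
        if ptr not in live:
            return state, [], f"free of unallocated {ptr}"
        return (live - {ptr}, freed | {ptr}), [action], None
    if kind == "use" and ptr in freed:
        return state, [], f"use after free of {ptr}"           # suppress + report
    return state, [action], None


def nullcheck_step(state, action):
    """Property 2: a freshly allocated pointer is checked before its first use.
    On an unchecked use the automaton inserts the missing check and reports."""
    unchecked = state
    kind, ptr = action
    if kind == "malloc":
        return unchecked | {ptr}, [action], None
    if kind == "check":
        return unchecked - {ptr}, [action], None
    if kind == "use" and ptr in unchecked:
        return unchecked - {ptr}, [("check", ptr), action], f"unchecked use of {ptr}"
    return state, [action], None


def make_team():
    """Two components sharing the actions 'malloc' and 'use'."""
    return [
        Component("lifetime", frozenset({"malloc", "free", "use"}),
                  lifetime_step, (frozenset(), frozenset())),
        Component("nullcheck", frozenset({"malloc", "check", "use"}),
                  nullcheck_step, frozenset()),
    ]


def run_team(trace):
    """Run the team over a trace; return (emitted actions, reported flaws).
    A shared action is stepped by every component concerned with it."""
    team = make_team()
    emitted, flaws = [], []
    for action in trace:
        inserted, passed = [], True
        for comp in team:
            if action[0] not in comp.alphabet:
                continue
            comp.state, out, flaw = comp.step(comp.state, action)
            if flaw:
                flaws.append((comp.name, flaw))
            if action not in out:           # some component suppressed it
                passed = False
            inserted += [a for a in out if a != action]
        emitted += inserted
        if passed:
            emitted.append(action)
    # End of trace: blocks still live were never freed (lifetime property).
    live, _ = team[0].state
    flaws += [("lifetime", f"leak of {p}") for p in sorted(live)]
    return emitted, flaws


# Constructed sample trace exercising each flaw the components look for.
SAMPLE_TRACE = [
    ("malloc", "p"), ("check", "p"), ("use", "p"), ("free", "p"),
    ("use", "p"),                    # use after free
    ("free", "p"),                   # double free
    ("malloc", "q"), ("use", "q"),   # unchecked use; q is never freed (leak)
]

if __name__ == "__main__":
    actions, reports = run_team(SAMPLE_TRACE)
    for name, flaw in reports:
        print(f"[{name}] {flaw}")
    print("emitted:", actions)
```

The point of the team structure shows on the `use` events: the lifetime component and the null-check component both react to the same action, each according to its own property, and the team emits the action only if neither suppressed it.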