论文信息 - Mutation Analysis for Security

Mutation Analysis for Security

Security has become, nowadays, a major concern for the organizations as the majority of its applications are exposed to Internet, which increases the threats of security considerably. Thus, the solution is to improve tools and mechanisms to strengthen the protection of applications against attacks and ensure the dierent security objectives. Among solutions we will talking about, in this paper, there is Mutation Analysis which is a technique of test that evaluates the quality of software tests and their ability to detect errors, It also compares the criteria and test generation strategies. In this study we will use the Mutation Analysis as a mean to qualify the penetration tests, and then, apply this technique in the security mechanisms and exactly on the mechanisms of access control. At the end we will propose a method for the elimination of hidden mechanisms for access control that will allow the access control policy to evolve.

Said El Hajji | Mohammed Ennahbaoui

[1] Gary McGraw,et al. Software Penetration Testing , 2005, IEEE Secur. Priv..

[2] Helayne T. Ray,et al. Toward an automated attack model for red teams , 2005, IEEE Security & Privacy Magazine.

[3] David Pichardie,et al. Proof-carrying code from certified abstract interpretation and fixpoint compression , 2006, Theor. Comput. Sci..

[4] Tejeddine Mouelhi,et al. Testing and Modeling Security Mechanisms in Web Applications , 2010 .

[5] David Evans,et al. Improving Security Using Extensible Lightweight Static Analysis , 2002, IEEE Softw..

[6] Lori L. Pollock,et al. An Attack Simulator for Systematically Testing Program-based Security Mechanisms , 2006, 2006 17th International Symposium on Software Reliability Engineering.

[7] Anas Abou El Kalam,et al. Modèles et politiques de securite pour les domaines de la SANTE et des Affaires sociales. (Security policies and models for Health Care Computing and Communication Systems) , 2003 .

[8] Annie I. Antón,et al. Misuse and Abuse Cases : Getting Past the Positive , 2022 .

[9] Frédéric Cuppens,et al. Modelling contexts in the Or-BAC model , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[10] Hélène Waeselynck,et al. Validation du test du logiciel par injection de fautes : L'outil SESAME , 1998 .