An Access Control Model Based Testing Approach for Smart Card Applications: Results of the POSÉ Project

This paper is about generating security tests from the Common Criteria expression of a security policy, in addition to the functional tests previously generated by a model-based testing approach. The method we present re-uses the functional model and the concretization layer developed for functional testing, and relies on an additional security policy model. We discuss how to produce the security policy model from a Common Criteria security target. We propose to compute the tests by using test purposes as guides for the tests to be extracted from the models. We see a test purpose as the combination of a security property and a test need derived from the know-how of a security engineer. We propose a language based on regular expressions for expressing such test purposes. We illustrate our approach by means of the IAS case study, a smart card application dedicated to the operations of Identification, Authentication and electronic Signature.
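To make the idea of a regular-expression test purpose concrete, here is an added illustration that is not code from the POSÉ project and does not use the IAS model or the paper's own test-purpose language. It assumes a constructed toy applet (five abstract operations, a PIN retry counter, a signing key) whose access-control rules stand in for the security policy model, and a functional model that updates the state. A test purpose is written as a regular expression over one-letter operation codes: the regex is the test need (which sequences to exercise), and the policy model supplies the expected ALLOW/DENY verdict of every step, so each extracted trace carries its own oracle.

```python
import itertools
import re
from dataclasses import dataclass, replace

# Constructed toy applet: each abstract operation gets one letter so that a
# test purpose is an ordinary regular expression over an operation trace.
# (Assumed names for the example; this is not the IAS command set.)
OPS = {
    "v": "VERIFY_PIN(ok)",
    "f": "VERIFY_PIN(wrong)",
    "k": "LOAD_KEY",
    "s": "SIGN",
    "r": "RESET",
}


@dataclass(frozen=True)
class State:
    pin_verified: bool = False
    key_loaded: bool = False
    pin_tries_left: int = 3


def policy(state: State, op: str) -> bool:
    """Security policy model: is `op` permitted in `state`?

    Rules (assumed for the example): SIGN requires a verified PIN and a
    loaded key; any PIN presentation is refused once the retry counter is
    exhausted; LOAD_KEY and RESET are always permitted.
    """
    if op == "s":
        return state.pin_verified and state.key_loaded
    if op in ("v", "f"):
        return state.pin_tries_left > 0
    return True


def step(state: State, op: str) -> tuple[State, bool]:
    """Functional model: next state and the policy verdict for one operation.

    A refused operation leaves the state unchanged.
    """
    if not policy(state, op):
        return state, False
    if op == "v":
        return replace(state, pin_verified=True, pin_tries_left=3), True
    if op == "f":
        return replace(state, pin_verified=False,
                       pin_tries_left=state.pin_tries_left - 1), True
    if op == "k":
        return replace(state, key_loaded=True), True
    if op == "r":
        # Reset clears the session but keeps the persistent retry counter.
        return replace(state, pin_verified=False, key_loaded=False), True
    return state, True  # "s": a signature does not change the security state


def generate_tests(test_purpose: str, max_len: int) -> list[list[tuple[str, str]]]:
    """Extract every trace of length <= max_len that matches the test purpose.

    The regular expression is the test need (which sequences to exercise);
    the expected ALLOW/DENY verdict of each step comes from the policy
    model, so the generated test carries its own oracle.
    """
    pattern = re.compile(test_purpose)
    tests = []
    for n in range(1, max_len + 1):
        for trace in itertools.product(OPS, repeat=n):
            if not pattern.fullmatch("".join(trace)):
                continue
            state, steps = State(), []
            for op in trace:
                state, allowed = step(state, op)
                steps.append((OPS[op], "ALLOW" if allowed else "DENY"))
            tests.append(steps)
    return tests


if __name__ == "__main__":
    # Security property: SIGN is refused unless a PIN has been verified.
    # Test need: reach SIGN through any mix of wrong PINs, key loads and resets.
    for test in generate_tests(r"[fkr]*s", 3):
        print(" -> ".join(f"{op}:{verdict}" for op, verdict in test))
    # Security property: RESET revokes a previous PIN verification.
    for test in generate_tests(r"vk?rk?s", 5):
        print(" -> ".join(f"{op}:{verdict}" for op, verdict in test))
```

The exhaustive enumeration over a five-letter alphabet is only adequate for a toy model; for a model of the size of a real applet the same selection would have to be done by a bounded or symbolic exploration of the model, which is what makes the test purpose a guide for extraction rather than a post-filter. The regex `[fkr]*s` captures a typical security engineer's test need: every way of reaching SIGN that bypasses a successful PIN check, including the reset-after-verification case covered separately by `vk?rk?s`, and the retry-counter exhaustion case `fffv`.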
