Model-Based Security Verification and Testing for Smart-cards

Elizabeta Fourneret 1 Martin Ochoa 2 Fabrice Bouquet 1 Julien Botella 3 Jan Jürjens 2 Parvaneh Yousefi 2
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies, INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Model-Based Testing (MBT) is a widely used methodology for generating tests aiming to ensure that the system behaviour conforms to its specification. Recently, it has been successfully applied for testing certain security properties. However, for the success of this approach, it is an important prerequisite to consider the correctness of test models with respect to the given security property. In this paper we present an approach for smart-card specific security properties that permits to validate the system with MBT from test schemas. We combine this MBT approach with UMLsec security verification technique, by using UMLsec stereotypes to verify the model w.r.t. given security properties and gain more confidence in the model. We then define an automatic procedure to generate security test from the UMLsec model via so-called "test schemas". We validate this approach on a fragment of the Global Platform specification and report on available tool support.
Type de document :
Communication dans un congrès
6th International Conference on Availability, Reliability and Security - ARES 2011, Aug 2011, Vienna, Austria. IEEE, pp.272 - 279, 2011, 2011 Sixth International Conference on Availability, Reliability and Security (ARES). 〈10.1109/ARES.2011.46〉
Liste complète des métadonnées

https://hal.inria.fr/hal-00649256
Contributeur : Fabrice Bouquet <>
Soumis le : mercredi 7 décembre 2011 - 15:03:28
Dernière modification le : jeudi 11 janvier 2018 - 06:20:00

Identifiants

Citation

Elizabeta Fourneret, Martin Ochoa, Fabrice Bouquet, Julien Botella, Jan Jürjens, et al.. Model-Based Security Verification and Testing for Smart-cards. 6th International Conference on Availability, Reliability and Security - ARES 2011, Aug 2011, Vienna, Austria. IEEE, pp.272 - 279, 2011, 2011 Sixth International Conference on Availability, Reliability and Security (ARES). 〈10.1109/ARES.2011.46〉. 〈hal-00649256〉

Partager

Métriques

Consultations de la notice

285