A Formal Equivalence Classes Based Method for Security Policy Conformance Checking

Abstract : Different security policy models have been developed and published in the past. Proven security policy models, if correctly implemented, guarantee the protection of data objects from unauthorized access or usage or prevent an illegal information flow. To verify that a security policy model has been correctly implemented, it is important to define and execute an exhaustive list of test cases, which verify that the formal security policy neither has been over-constrained nor under-constrained. In this paper we present a method for defining an exhaustive list of test cases, based on formally described equivalence classes that are derived from the formal security policy description.
Type de document :
Communication dans un congrès
Gerald Quirchmayr; Josef Basl; Ilsun You; Lida Xu; Edgar Weippl. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Aug 2012, Prague, Czech Republic. Springer, Lecture Notes in Computer Science, LNCS-7465, pp.146-160, 2012, Multidisciplinary Research and Practice for Information Systems. 〈10.1007/978-3-642-32498-7_12〉
Liste complète des métadonnées

Littérature citée [24 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01542451
Contributeur : Hal Ifip <>
Soumis le : lundi 19 juin 2017 - 17:01:30
Dernière modification le : mardi 20 juin 2017 - 01:06:35
Document(s) archivé(s) le : vendredi 15 décembre 2017 - 21:49:57

Fichier

978-3-642-32498-7_12_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Eckehard Hermann, Udo Litschauer, Jürgen Fuß. A Formal Equivalence Classes Based Method for Security Policy Conformance Checking. Gerald Quirchmayr; Josef Basl; Ilsun You; Lida Xu; Edgar Weippl. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Aug 2012, Prague, Czech Republic. Springer, Lecture Notes in Computer Science, LNCS-7465, pp.146-160, 2012, Multidisciplinary Research and Practice for Information Systems. 〈10.1007/978-3-642-32498-7_12〉. 〈hal-01542451〉

Partager

Métriques

Consultations de la notice

23

Téléchargements de fichiers

23