Automatic Testing of Access Control for Security Properties

Abstract : In this work, we investigate the combination of controller synthesis and test generation techniques for the testing of open, partially observable systems with respect to security policies. We consider two kinds of properties: integrity properties and confidentiality properties. We assume that the behavior of the system is modeled by a labeled transition system and assume the existence of a black-box implementation. We first outline a method allowing to automatically compute an ideal access control ensuring these two kinds of properties. Then, we show how to derive testers that test the conformance of the implementation with respect to its specification, the correctness of the real access control that has been composed with the implementation in order to ensure a security property, and the security property itself.
Type de document :
Communication dans un congrès
TESTCOM/FATES 2009, Nov 2009, Eindhoven, Netherlands. Springer-Verlag, 5826, pp.113-128, 2009, Lecture notes in computer science. 〈10.1007/978-3-642-05031-2〉
Liste complète des métadonnées

Littérature citée [15 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/inria-00420424
Contributeur : Hervé Marchand <>
Soumis le : vendredi 23 avril 2010 - 13:55:22
Dernière modification le : vendredi 27 octobre 2017 - 01:08:52
Document(s) archivé(s) le : vendredi 19 octobre 2012 - 13:36:31

Fichier

testcom-paper-13.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Hervé Marchand, Jérémy Dubreil, Thierry Jéron. Automatic Testing of Access Control for Security Properties. TESTCOM/FATES 2009, Nov 2009, Eindhoven, Netherlands. Springer-Verlag, 5826, pp.113-128, 2009, Lecture notes in computer science. 〈10.1007/978-3-642-05031-2〉. 〈inria-00420424〉

Partager

Métriques

Consultations de la notice

155

Téléchargements de fichiers

96