Test Generation from Security Policies Specified in Or-BAC

Authors:
Keqin Li;Laurent Mounier;Roland Groz
Affiliations:
Grenoble Universités, France;Grenoble Universités, France;Grenoble Universités, France
Venue:
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 02
Year:
2007

Citing 0
Cited 5

Modeling System Security Rules with Time Constraints Using Timed Extended Finite State Machines

DS-RT '08 Proceedings of the 2008 12th IEEE/ACM International Symposium on Distributed Simulation and Real-Time Applications
Towards a test cases generation method for security policies

ICT'09 Proceedings of the 16th international conference on Telecommunications
Dynamic deployment of context-aware access control policies for constrained security devices

Journal of Systems and Software
A systematic approach to integrate common timed security rules within a TEFSM-based system specification

Information and Software Technology
A model-based approach to automated testing of access control policies

Proceedings of the 17th ACM symposium on Access Control Models and Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security policy testing is a practical way to ensure security policies are correctly implemented in information or networking systems with a certain level of confidence. In this paper, we adapt model based testing techniques for formal models of security policies, and propose a two stage approach to produce test cases from a security policy specified in Or-BAC, i.e., test purpose generation from Or-BAC rules, and test case generation from test purposes.