In this work, we investigate the combination of controller synthesis and test generation techniques for the testing of open, partially observable systems with respect to security policies. We consider two kinds of properties: integrity properties and confidentiality properties. We assume that the behavior of the system is modeled by a labeled transition system and that a black-box implementation exists. We first outline a method for automatically computing an ideal access control that ensures these two kinds of properties. Then, we show how to derive testers that test three things: the conformance of the implementation with respect to its specification, the correctness of the real access control that has been composed with the implementation in order to ensure a security property, and the security property itself.