We motivate and address the problem of testing for properties of interest in real-world implementations of authorization systems. We adopt a 4-stage process: (1) express a property precisely using existential second-order logic; (2) establish the types of traces that are necessary and sufficient to establish the property; (3) adopt finitizing assumptions and show that, under those assumptions, verifying the property is in PSPACE; and (4) use a model checker as a trace generator to produce instances of such traces, and exercise the implementation to check for those traces. We discuss the design of a corresponding testing system and its use to test for qualitatively different kinds of properties in two commercial authorization systems: a database system that we call the D system, and a file-sharing system that we call the I system. (We use pseudonyms at the request of the respective vendors.) In the D system, our testing uncovered several issues with its authorization system in the context of procedures that aggregate SQL statements; to our knowledge, these issues are new to the research literature. For the I system, we established that it possesses several properties of interest.