Testing Security Properties of Web Services

By Achim D. Brucker.

Today’s large enterprise systems are service-oriented, i.e., they are built by composing independent components, called services, that encapsulate a certain business functionality. Service-oriented enterprise systems impose many challenges in general and in particular with respect to their security. The dynamic nature of service-oriented systems, as well as the fact that a service-oriented system is usually composed of services from many different providers, makes these systems a particularly interesting target for model-based or specification-based testing approaches. In this talk, we will motivate the challenges of testing service-oriented systems in general and, in particular, we will present an approach for modeling and (conformance) testing security policies for Web services. Our approach is based on previous work in using HOL-TestGen for conformance testing of security policies.

Please cite this work as follows:
A. D. Brucker, “Testing security properties of web services,” presented at the LRI/université research seminar, Université Paris Sud, May 02, 2012. Author copy: http://logicalhacking.com/publications/talk-brucker-ws-testing-2012/

BibTeX
@Unpublished{ talk:brucker:ws-testing:2012,
  date       = {2012-05-02},
  title      = {Testing Security Properties of Web Services},
  author     = {Achim D. Brucker},
  lecturer   = {Achim D. Brucker},
  eventtitle = {LRI/Universit{\'e} Research Seminar},
  venue      = {Universit{\'e} Paris Sud},
  address    = {Paris, France},
  language   = {USenglish},
  abstract   = {Today's large enterprise systems are service-oriented, i.e.,
                they are built by composing independent components, called
                services, that encapsulate a certain business functionality.
                Service-oriented enterprise systems impose many challenges in
                general and in particular with respect to their security. The
                dynamic nature of service-oriented systems, as well as the fact
                that a service-oriented system is usually composed of
                services from many different providers, makes these systems a
                particularly interesting target for model-based or
                specification-based testing approaches. In this talk, we will
                motivate the challenges of testing service-oriented systems in
                general and, in particular, we will present an approach for
                modeling and (conformance) testing security policies for Web
                services. Our approach is based on previous work in using
                HOL-TestGen for conformance testing of security policies.},
  areas      = {software, formal methods},
  note       = {Author copy: \url{http://logicalhacking.com/publications/talk-brucker-ws-testing-2012/}},
}