
By Achim D. Brucker and Lukas Brügger.
Modern systems need to comply with large and complex security policies that need to be enforced at runtime. This runtime enforcement needs to happen on different levels, e.g., ranging from high-level access control models to firewall rules.
We present an approach for the modular specification of security policies (e.g., access control policies, firewall policies). Based on this formal model, i.e., the specification, we discuss a model-based test case generation approach that can be used for both testing the correctness of the security infrastructure as well as the conformance of its configuration to a high-level security policy.
Please cite this work as follows: A. D. Brucker and L. Brügger, “Model-based conformance testing of security properties,” presented at the Dagstuhl seminar 13012 “symbolic methods in testing,” Dagstuhl, Germany, Jan. 09, 2013. Author copy: http://logicalhacking.com/publications/talk-brucker.ea-security-conformance-2013/
@Unpublished{ talk:brucker.ea:security-conformance:2013,
date = {2013-01-09},
title = {Model-based Conformance Testing of Security Properties},
author = {Achim D. Brucker and Lukas Br{\"u}gger},
venue = {Dagstuhl, Germany},
year = {2013},
slideshare = {29126507},
slideshare_width = {427},
slideshare_height = {356},
eventtitle = {Dagstuhl Seminar 13012 ``Symbolic Methods in Testing''},
abstract = {Modern systems need to comply with large and complex security
policies that need to be enforced at runtime. This runtime
enforcement needs to happen on different levels, e.g., ranging
from high-level access control models to firewall rules.
We present an approach for the modular specification of
security policies (e.g., access control policies, firewall
policies). Based on this formal model, i.e., the specification,
we discuss a model-based test case generation approach that
can be used for both testing the correctness of the security
infrastructure as well as the conformance of its configuration
to a high-level security policy.},
note = {Author copy: \url{http://logicalhacking.com/publications/talk-brucker.ea-security-conformance-2013/}},
}