Abstract
Specifying a security policy (SP) is a challenging task in the development of secure communication systems since it is the bedrock of any security strategy. Paradoxically, this specification is error prone and can lead to an inadequate SP regarding the security needs. Therefore, it seems necessary to define an environment allowing one to “trust” the implemented SP. A testing task aims verifying whether an implementation is conforming to its specification. Test is generally achieved by generating and executing test cases. Some automated testing tools can be used from which model checkers. In fact, given a system modeling and a test objective, the model checker can generate a counterexample from which test cases can be deduced. The main proposition of this chapter is then a formal environment for SP test cases generation based on a system modeling, a SP specification (test purpose), and the use of a model checker. Once generated, these test cases must be improved in order to quantify their effectiveness to detect SP flaws. This is made through the generation of mutants.
Reference22 articles.
1. Abassi, R., & El Fatmi, S. G. (2008a). A Model for Specification and Validation of Security Policies in Communication Networks: the firewall case. Proceedings of ARES 2008, 467-473.
2. Abassi, R., & El Fatmi, S. G. (2008b). An Automated Validation Method for Security Policies: the firewall case. Proceedings of The Fourth International Conference on Information Assurance and Security, (IAS 2008), 291-294.
3. Towards a test cases generation method for Security Policies
4. Abassi, R. & El Fatmi, S.G. (2009). Executable Security Policies: Specification and Validation of Security Policies. International Journal of Wireless & Mobile Networks, 1(1).
5. Software Testing via Model Checking
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献