An Access Control Model Based Testing Approach for Smart Card Applications: Results of the {POSÉ} Project

Autor: Masson, Pierre-Alain, Potet, Marie-Laure, Julliand, Jacques, Tissot, Régis, Debois, Georges, Legeard, Bruno, Chetali, Boutheina, Bouquet, Fabrice, Jaffuel, Eddie, Van Aertrick, Lionel, Andronick, June, Haddad, Amal
Přispěvatelé: Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC), Laboratoire d'Informatique de Grenoble (LIG), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF), GEMALTO (GEMALTO), Smartesting (Smartesting), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC), SILICOMP-AQL (SILICOMP-AQL)
Jazyk: angličtina
Rok vydání: 2010
Předmět:
Zdroj: JIAS, Journal of Information Assurance and Security
JIAS, Journal of Information Assurance and Security, 2010, 5, pp.335-351
Popis: International audience; This paper is about generating security tests from the Common Criteria expression of a security policy, in addition to functional tests previously generated by a model-based testing approach. The method that we present re-uses the functional model and the concretization layer developed for the functional testing, and relies on an additional security policy model. We discuss how to produce the security policy model from a Common Criteria security target. We propose to compute the tests by using some test purposes as guides for the tests to be extracted from the models. We see a test purpose as the combination of a security property and a test need issued from the know-how of a security engineer. We propose a language based on regular expressions for the expression of such test purposes. We illustrate our approach by means of the IAS case study, a smart card application dedicated to the operations of Identification, Authentication and electronic Signature.
Databáze: OpenAIRE
načítá se...