Automatic generation of model based tests for a class of security properties

Autor: Pierre-Alain Masson, Jacques Julliand, Eddie Jaffuel, Georges Debois, Jean-Chritophe Plessis
Rok vydání: 2007
Předmět:
Zdroj: A-MOST
Popis: This paper is a contribution to the problem of getting confident in the fact that an implementation correctly meets a security policy assigned to it. To do so, we compute tests that exercise security properties issued from the security policy. We proceed by model based testing. Classically, we use a functional model that formalizes the functional specification. But we also use a second model, in the shape of security properties, that formalize a part of the security policy. Tests are computed from the security properties, with the formal functional model as an oracle.We first formalize the informal security requirements as regular expressions. Then we introduce mutations in the regular expressions as to reflect the specific situations in which we intend to test the security properties. These mutated regular expression are unfolded into abstract test sequences.We present a set of four mutation rules that apply to a class of properties that we call sequencing properties, and we experiment our method on a standard in the smart card domain named IAS, for Identification, Authentication and electronic Signature.
Databáze: OpenAIRE