Enabling verification and conformance testing for access control model Export

@inproceedings{Hu08, abstract = {Verification and testing are the important step for software assurance. However, such crucial and yet challenging tasks have not been widely adopted in building access control systems. In this paper we propose a methodology to support automatic analysis and conformance testing for access control systems, integrating those features to Assurance Management Framework (AMF). Our methodology attempts to verify formal specifications of a role-based access control model and corresponding policies with selected security properties. Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases. In addition, we demonstrate feasibility and effectiveness of our methodology using SAT and Alloy toolset.}, address = {New York, NY, USA}, author = {Hu, Hongxin and Ahn, Gail-Joon}, booktitle = {SACMAT '08: Proceedings of the 13th ACM symposium on Access control models and technologies}, citeulike-article-id = {5649800}, citeulike-linkout-0 = {http://portal.acm.org/citation.cfm?id=1377836.1377867}, citeulike-linkout-1 = {http://dx.doi.org/10.1145/1377836.1377867}, doi = {10.1145/1377836.1377867}, isbn = {978-1-60558-129-3}, keywords = {2008, access-control, alloy, analysis, assurance, automatic, conformance, framework, management, rcl2000, role-based-access-control, sat-solver, security, testing, verification}, location = {Estes Park, CO, USA}, pages = {195--204}, posted-at = {2009-08-26 10:18:16}, priority = {2}, publisher = {ACM}, title = {Enabling verification and conformance testing for access control model}, url = {http://dx.doi.org/10.1145/1377836.1377867}, year = {2008} }

TY - CONF ID - Hu08 L3 - citeulike-article-id:5649800 N2 - Verification and testing are the important step for software assurance. However, such crucial and yet challenging tasks have not been widely adopted in building access control systems. In this paper we propose a methodology to support automatic analysis and conformance testing for access control systems, integrating those features to Assurance Management Framework (AMF). Our methodology attempts to verify formal specifications of a role-based access control model and corresponding policies with selected security properties. Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases. In addition, we demonstrate feasibility and effectiveness of our methodology using SAT and Alloy toolset. CY - Estes Park, CO, USA SN - 978-1-60558-129-3 AD - New York, NY, USA EP - 204 TI - Enabling verification and conformance testing for access control model PB - ACM T2 - SACMAT '08: Proceedings of the 13th ACM symposium on Access control models and technologies SP - 195 KW - 2008 KW - access-control KW - alloy KW - analysis KW - assurance KW - automatic KW - conformance KW - framework KW - management KW - rcl2000 KW - role-based-access-control KW - sat-solver KW - security KW - testing KW - verification AU - Hu, Hongxin AU - Ahn, Gail-Joon PY - 2008/// UR - http://dx.doi.org/10.1145/1377836.1377867 ER -