Enabling Verification and conformance testing for access control model

Hongxin Hu, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

56 Scopus citations

Abstract

Verification and testing are the important step for software assurance. However, such crucial and yet challenging tasks have not been widely adopted in building access control systems. In this paper we propose a methodology to support automatic analysis and conformance testing for access control systems, integrating those features to Assurance Management Framework (AMF). Our methodology attempts to verify formal specifications of a role-based access control model and corresponding policies with selected security properties. Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases. In addition, we demonstrate feasibility and effectiveness of our methodology using SAT and Alloy toolset.

Original languageEnglish (US)
Title of host publicationSACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies
Pages195-204
Number of pages10
DOIs
StatePublished - Dec 15 2008
Externally publishedYes
Event13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 - Estes Park, CO, United States
Duration: Jun 11 2008Jun 13 2008

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference13th ACM Symposium on Access Control Models and Technologies, SACMAT'08
CountryUnited States
CityEstes Park, CO
Period6/11/086/13/08

Keywords

  • Access control
  • Alloy
  • Model-based testing
  • Model-based verification
  • Sat solver

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Fingerprint Dive into the research topics of 'Enabling Verification and conformance testing for access control model'. Together they form a unique fingerprint.

  • Cite this

    Hu, H., & Ahn, G. J. (2008). Enabling Verification and conformance testing for access control model. In SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (pp. 195-204). [1377867] (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1377836.1377867