Enabling Verification and conformance testing for access control model

Hongxin Hu; Gail Joon Ahn

doi:10.1145/1377836.1377867

Enabling Verification and conformance testing for access control model

Hongxin Hu, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

58 Scopus citations

Abstract

Verification and testing are the important step for software assurance. However, such crucial and yet challenging tasks have not been widely adopted in building access control systems. In this paper we propose a methodology to support automatic analysis and conformance testing for access control systems, integrating those features to Assurance Management Framework (AMF). Our methodology attempts to verify formal specifications of a role-based access control model and corresponding policies with selected security properties. Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases. In addition, we demonstrate feasibility and effectiveness of our methodology using SAT and Alloy toolset.

Original language	English (US)
Title of host publication	SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies
Pages	195-204
Number of pages	10
DOIs	https://doi.org/10.1145/1377836.1377867
State	Published - 2008
Externally published	Yes
Event	13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 - Estes Park, CO, United States Duration: Jun 11 2008 → Jun 13 2008

Publication series

Name	Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference	13th ACM Symposium on Access Control Models and Technologies, SACMAT'08
Country/Territory	United States
City	Estes Park, CO
Period	6/11/08 → 6/13/08

Keywords

Access control
Alloy
Model-based testing
Model-based verification
Sat solver

ASJC Scopus subject areas

Software
Computer Networks and Communications
Safety, Risk, Reliability and Quality
Information Systems

Access to Document

10.1145/1377836.1377867

Cite this

Enabling Verification and conformance testing for access control model. / Hu, Hongxin; Ahn, Gail Joon.
SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies. 2008. p. 195-204 1377867 (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Hu, H & Ahn, GJ 2008, Enabling Verification and conformance testing for access control model. in SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies., 1377867, Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT, pp. 195-204, 13th ACM Symposium on Access Control Models and Technologies, SACMAT'08, Estes Park, CO, United States, 6/11/08. https://doi.org/10.1145/1377836.1377867

@inproceedings{a538c98e610247bd92fa74254117f6fd,

title = "Enabling Verification and conformance testing for access control model",

abstract = "Verification and testing are the important step for software assurance. However, such crucial and yet challenging tasks have not been widely adopted in building access control systems. In this paper we propose a methodology to support automatic analysis and conformance testing for access control systems, integrating those features to Assurance Management Framework (AMF). Our methodology attempts to verify formal specifications of a role-based access control model and corresponding policies with selected security properties. Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases. In addition, we demonstrate feasibility and effectiveness of our methodology using SAT and Alloy toolset.",

keywords = "Access control, Alloy, Model-based testing, Model-based verification, Sat solver",

author = "Hongxin Hu and Ahn, {Gail Joon}",

year = "2008",

doi = "10.1145/1377836.1377867",

language = "English (US)",

isbn = "9781605581293",

series = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",

pages = "195--204",

booktitle = "SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies",

note = "13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 ; Conference date: 11-06-2008 Through 13-06-2008",

}

TY - GEN

T1 - Enabling Verification and conformance testing for access control model

AU - Hu, Hongxin

AU - Ahn, Gail Joon

PY - 2008

Y1 - 2008

N2 - Verification and testing are the important step for software assurance. However, such crucial and yet challenging tasks have not been widely adopted in building access control systems. In this paper we propose a methodology to support automatic analysis and conformance testing for access control systems, integrating those features to Assurance Management Framework (AMF). Our methodology attempts to verify formal specifications of a role-based access control model and corresponding policies with selected security properties. Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases. In addition, we demonstrate feasibility and effectiveness of our methodology using SAT and Alloy toolset.

AB - Verification and testing are the important step for software assurance. However, such crucial and yet challenging tasks have not been widely adopted in building access control systems. In this paper we propose a methodology to support automatic analysis and conformance testing for access control systems, integrating those features to Assurance Management Framework (AMF). Our methodology attempts to verify formal specifications of a role-based access control model and corresponding policies with selected security properties. Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases. In addition, we demonstrate feasibility and effectiveness of our methodology using SAT and Alloy toolset.

KW - Access control

KW - Alloy

KW - Model-based testing

KW - Model-based verification

KW - Sat solver

UR - http://www.scopus.com/inward/record.url?scp=57349119890&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=57349119890&partnerID=8YFLogxK

U2 - 10.1145/1377836.1377867

DO - 10.1145/1377836.1377867

M3 - Conference contribution

AN - SCOPUS:57349119890

SN - 9781605581293

T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

SP - 195

EP - 204

BT - SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies

T2 - 13th ACM Symposium on Access Control Models and Technologies, SACMAT'08

Y2 - 11 June 2008 through 13 June 2008

ER -

Enabling Verification and conformance testing for access control model

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this