A model-based framework for security policy specification, deployment and testing

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5301 LNCS, Issue , 2008, Pages 537-552

  Mouelhi, Tejeddine ^a   Fleurey, Franck ^c   Baudry, Benoit ^b   Le Traon, Yves ^a  

^a ECOLE DES MINES DE NANTES   (France)

^b CAMPUS DE BEAULIEU   (France)

^c SINTEF   (Norway)

Author keywords

Metamodeling; Model driven engineering methodology; Security

Indexed keywords

ACCESS CONTROL; APPLICATIONS; JAVA PROGRAMMING LANGUAGE; LINGUISTICS; MODELS; PROCESS ENGINEERING; QUERY LANGUAGES; SECURITY SYSTEMS; SYSTEMS ANALYSIS;

ACCESS CONTROL LANGUAGES; ASPECT-ORIENTED PROGRAMMINGS; CASE STUDIES; CONSISTENCY CHECKS; EMPIRICAL RESULTS; FAULT INJECTIONS; FAULT MODELS; GENERIC SECURITIES; JAVA APPLICATIONS; METAMODELING; MODEL-BASED; QUALIFICATION PROCESSES; SECURITY; SECURITY POLICIES; TEST CASES;

PUBLIC POLICY;

EID: 56649117258     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-87875-9_38     Document Type: Conference Paper

References (11)

1. Le Traon, Y., Mouelhi, T., Pretschner, A., Baudry, B.: Test-Driven Assessment of Access Control in Legacy Applications. In: ICST 2008: First IEEE International Conference on Software, Testing, Verification and Validation (2008)
2. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security 4(3), 224-274 (2001)
3. Abou El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miège, A., Saurel, C., Trouessin, G.: Organization Based Access Control. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks (2003)
4. DeMillo, R., Lipton, R., Sayward, F.: Hints on Test Data Selection: Help For The Practicing Programmer. IEEE Computer 11(4), 34-41 (1978)
5. Martin, E., Xie, T.: A Fault Model and Mutation Testing of Access Control Policies. In: Proceedings of the 16th International Conference on World Wide Web (2007)
6. Mouelhi, T., Le Traon, Y., Baudry, B.: Mutation analysis for security tests qualification. In: Mutation 2007: third workshop on mutation analysis in conjuction with TAIC-Part (2007)
7. Sun's XACML implementation, http : //sunxacml. sourceforge .net/
8. Le Traon, Y., Mouelhi, T., Baudry, B.: Testing security policies: going beyond functional testing. In: ISSRE 2007: The 18th IEEE International Symposium on Software Reliability Engineering (2007)
9. Jürjens, J.: UMLsec: Extending UML for Secure Systems Development. In: Proceedings of the 5th International Conference on The Unified Modeling Language (2002)
10. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Proceedings of the 5th International Conference on The Unified Modeling Language (2002)
11. Masood, A., Ghafoor, A., Mathur, A.: Scalable and Effective Test Generation for Access Control Systems that Employ RBAC Policies (2006)