A Formal Equivalence Classes Based Method for Security Policy Conformance Checking - Multidisciplinary Research and Practice for Information Systems
Conference Papers Year : 2012

A Formal Equivalence Classes Based Method for Security Policy Conformance Checking

Eckehard Hermann
  • Function : Author
  • PersonId : 1010595
Udo Litschauer
  • Function : Author
  • PersonId : 1010596
Jürgen Fuss
  • Function : Author
  • PersonId : 1010597

Abstract

Different security policy models have been developed and published in the past. Proven security policy models, if correctly implemented, guarantee the protection of data objects from unauthorized access or usage or prevent an illegal information flow. To verify that a security policy model has been correctly implemented, it is important to define and execute an exhaustive list of test cases, which verify that the formal security policy neither has been over-constrained nor under-constrained. In this paper we present a method for defining an exhaustive list of test cases, based on formally described equivalence classes that are derived from the formal security policy description.
Fichier principal
Vignette du fichier
978-3-642-32498-7_12_Chapter.pdf (300.9 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01542451 , version 1 (19-06-2017)

Licence

Identifiers

Cite

Eckehard Hermann, Udo Litschauer, Jürgen Fuss. A Formal Equivalence Classes Based Method for Security Policy Conformance Checking. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Aug 2012, Prague, Czech Republic. pp.146-160, ⟨10.1007/978-3-642-32498-7_12⟩. ⟨hal-01542451⟩
210 View
130 Download

Altmetric

Share

More