Retaining Consistency for Knowledge-Based Security Testing
Abstract
Testing of software and systems requires a set of inputs to the system under test as well as test oracles for checking the correctness of the obtained output. In this paper we focus on test oracles within the domain of security testing, which require consistent knowledge of security policies. Unfortunately, consistency of knowledge cannot always be ensured. Therefore, we strongly require a process of retaining consistencies in order to provide a test oracle. In this paper we focus on an automated approach for consistency handling that is based on the basic concepts and ideas of model-based diagnosis. Using a brief example, we discuss the underlying method and its application in the domain of security testing. The proposed algorithm guarantees to find one root cause of an inconsistency and is based on theorem proving.
Similar resources
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
x-RDF-3X: Fast Querying, High Update Rates, and Consistency for RDF Databases
The RDF data model is gaining importance for applications in computational biology, knowledge sharing, and social communities. Recent work on RDF engines has focused on scalable performance for querying, and has largely disregarded updates. In addition to incremental bulk loading, applications also require online updates with flexible control over multi-user isolation levels and data consistenc...
Meta-Data for Enterprise-Wide Security Administration
The paper gives an overview on the meta-data specification for administrating and enforcing enterprisewide security for heterogeneous and distributed information systems. The meta-data serves as a basis to maintain enterprise-wide security information centrally, to integrate isolated security specifications, to keep the consistency between different security policies, and to perform access cont...
Knowledge-based security administration in a distributed environment
The problem of computer security has recently become more prominent, especially with the growing interest in distributed systems. One major aspect is access control, especially to ensure that only those users who need to work with sensitive data are authorized to do so. A major drawback of most existing systems for security administration is the difficulty to enforce the compliance of an ac...
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
Publication date: 2014