Retaining Consistency for Knowledge-Based Security Testing

Authors

  • Andreas Bernauer
  • Josip Bozic
  • Dimitris E. Simos
  • Severin Winkler
  • Franz Wotawa

Abstract

Testing of software and systems requires a set of inputs to the system under test as well as test oracles for checking the correctness of the obtained output. In this paper we focus on test oracles within the domain of security testing, which require consistent knowledge of security policies. Unfortunately, consistency of knowledge cannot always be ensured. Therefore, we strongly require a process of retaining consistencies in order to provide a test oracle. In this paper we focus on an automated approach for consistency handling that is based on the basic concepts and ideas of model-based diagnosis. Using a brief example, we discuss the underlying method and its application in the domain of security testing. The proposed algorithm guarantees to find one root cause of an inconsistency and is based on theorem proving.

Similar resources

Security testing of session initiation protocol implementations

The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...

x-RDF-3X: Fast Querying, High Update Rates, and Consistency for RDF Databases

The RDF data model is gaining importance for applications in computational biology, knowledge sharing, and social communities. Recent work on RDF engines has focused on scalable performance for querying, and has largely disregarded updates. In addition to incremental bulk loading, applications also require online updates with flexible control over multi-user isolation levels and data consistenc...

Meta-Data for Enterprise-Wide Security Administration

The paper gives an overview on the meta-data specification for administrating and enforcing enterprisewide security for heterogeneous and distributed information systems. The meta-data serves as a basis to maintain enterprise-wide security information centrally, to integrate isolated security specifications, to keep the consistency between different security policies, and to perform access cont...

Knowledge-based security administration in a distributed environment

The problem of computer security has recently become more prominent, especially with the growing interest in distributed systems. One major aspect is access control, especially to ensure that only those users who need to work with sensitive data are authorized to do so. A major drawback of most existing systems for security administration is the difficulty to enforce the compliance of an ac...

An automatic test case generator for evaluating implementation of access control policies

One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...

Publication date: 2014