Sciweavers

GLOBECOM
2008
IEEE

Security Rules Specification and Analysis Based on Passive Testing

14 years 18 days ago
Security Rules Specification and Analysis Based on Passive Testing
Security is a critical issue in dynamic and open distributed environments such as network-based services or wireless networks. To ensure that a certain level of security is maintained in such environments, the system behavior has to be restrained by a security policy in order to regulate the nature and the context of actions that can be performed within the system, according to specific roles. In this paper, we propose a passive testing approach that permits to check whether a system respects its security policy. To reach this goal, we specify this policy using `Nomad' formal language which is based on deontic and temporal logics. This language is well adapted to passive testing methods that aim to analyze collected system execution traces in order to give a verdict about their conformity with to the system security requirements. Finally, we apply our methodology to an industrial case study provided by SAP group to demonstrate its reliability.
Wissam Mallouli, Fayçal Bessayah, Ana R. Ca
Added 08 Dec 2010
Updated 08 Dec 2010
Type Conference
Year 2008
Where GLOBECOM
Authors Wissam Mallouli, Fayçal Bessayah, Ana R. Cavalli, Azzedine Benameur
Comments (0)