An Access Control Model Based Testing Approach for Smart Card Applications: Results of the POSÉ Project
نویسندگان
چکیده
This paper is about generating security tests from the Common Criteria expression of a security policy, in addition to functional tests previously generated by a model-based testing approach. The method that we present re-uses the functional model and the concretization layer developed for the functional testing, and relies on an additional security policy model. We discuss how to produce the security policy model from a Common Criteria security target. We propose to compute the tests by using some test purposes as guides for the tests to be extracted from the models. We see a test purpose as the combination of a security property and a test need issued from the know-how of a security engineer. We propose a language based on regular expressions for the expression of such test purposes. We illustrate our approach by means of the IAS case study, a smart card application dedicated to the operations of Identification, Authentication and electronic Signature.
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملA B Formal Framework for Security Developments in the Domain of Smart Card Applications
We propose in this paper a formal framework based on the B method, that supports the development of secured smart card applications. Accordingly to the Common Criteria methodology, we focus on the formal definition and modelling of access control policies by means of dedicated B models expressing, on one hand, the access control rules, and, on the other hand, the dynamics of the system. These m...
متن کاملUsing Model-Based Testing to Assess Smart Card Interoperability Conformance
Smart cards are being used to provide security for many types of applications, and with an estimated market of 3.3 billion in 2005, their usefulness is based on their intrinsic portability and security. The National Institute of Standards and Technology (NIST) initiated the Smart Card Interoperability Program to provide standards (Government Smart Card Interoperability Specification –GSC-IS) an...
متن کاملSpecification-driven Testing of Smart Card Interface Using a Formal Model
Model-Driven Engineering (MDE) is emerging as a promising approach that uses models to support various phases of system development lifecycle such as Code Generation and Verification/Validation (V &V). In this paper, we describe the application of a model-driven process in the V &V phase for developing automated tests for testing the conformance of a smart card implementation to an interface sp...
متن کاملProposing a Model for Patient Admission and NFC Mobile Payment by Biometric Identification and Smart Health Card
Abstract Following the advances in mobile communication and information technology, smart phones have been used in a wide variety of commercial, social, entertainment, file sharing and health transactions and applications. The current procedures in healthcare environment for patient registration, appointment scheduling and payment are time consuming and somehow tiresome. Traditionally, patie...
متن کامل