1 Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood K. Jayaram School of Electrical and Computer Engineering.

Slides:



Advertisements
Similar presentations
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Advertisements

Department of Electronic Engineering Challenges & Proposals INFSO Information Day Research Networking Test-beds 26/27 May 2005,
1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue.
Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter.
RBAC and JXTA 1 Role Based Access Control and the JXTA P2P Framework Mark Stamp Dept. of Computer Science San Jose State University
1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.
Computer Science 162 Section 1 CS162 Teaching Staff.
Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood, K. Jayaram School of Electrical and Computer Engineering.
August 2006Scott Stoller, Stony Brook University1 Research in Formal Methods, Concurrent & Distributed Systems, and Programming Languages at Scott D. Stoller.
Lightweight Scalable Tool Sharing for the Internet Agustín J. González Department of Electronics Engineering Federico Santa María University Valparaíso,
1 Scalable and Effective Test Generation for Access Control Systems Ammar Masood School of Electrical & Computer Engineering Purdue University 11 th September,
SACMAT02-1 Security Prototype Defining a Signature Constraint.
Incorporating database systems into a secure software development methodology Eduardo B. Fernandez, Jan Jurjens, Nobukazu Yoshioka, and Hironori Washizaki.
Welcome Introduction and Overview Computer Science Research Practicum Fall 2012 Andrew Rosenberg.
Ch.2 Part A: Requirements, State Charts EECE **** Embedded System Design.
GrIDS -- A Graph Based Intrusion Detection System For Large Networks Paper by S. Staniford-Chen et. al.
Verification of Information Flow Properties in Cyber-Physical Systems Ravi Akella, Bruce McMillin Department of Computer Science Missouri University of.
Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
MS I Certificate in Internet Computing Elias Houstis Professor Aditya P. Mathur Professor and Associate Head Department of Computer Sciences Purdue University.
Xiao Liu CS3 -- Centre for Complex Software Systems and Services Swinburne University of Technology, Australia Key Research Issues in.
OnTimeMeasure-GENI: Centralized and Distributed Measurement Orchestration Software Prasad Calyam, Ph.D. (PI) Paul Schopis, (Co-PI) Weiping Mandrawa (Network.
16 August Verilog++ Assertion Extension Requirements Proposal.
Li Xiong CS573 Data Privacy and Security Access Control.
CS ST0 Software Testing Spring 2011 Review Last updated: April 26, 2011 Aditya P. Mathur Purdue University.
Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.
Department of Electronic Engineering Challenges & Proposals INFSO Information Day e-Infrastructure Grid Initiatives 26/27 May.
____________________________ XML Access Control for Semantically Related XML Documents & A Role-Based Approach to Access Control For XML Databases BY Asheesh.
CSIIR Workshop March 14-15, Privilege and Policy Management for Cyber Infrastructures Dennis Kafura Markus Lorch Support provided by: Commonwealth.
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Secure Sharding.
HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.
ACT-PRO Action Protocol Tracer A Tool for Analyzing Simple, Rule- based Tasks Wai-Tat Fu & Wayne D. Gray ARCH Lab George Mason University.
June 13-15, 2007Policy 2007 Infrastructure-aware Autonomic Manager for Change Management H. Abdel SalamK. Maly R. MukkamalaM. Zubair Department of Computer.
The Potential of Sampling for Dynamic Analysis Joseph L. GreathouseTodd Austin Advanced Computer Architecture Laboratory University of Michigan PLAS, San.
An Active Security Infrastructure for Grids Stuart Kenny*, Brian Coghlan Trinity College Dublin.
Erik Jonsson School of Engineering and Computer Science The University of Texas at Dallas Cyber Security Research on Engineering Solutions Dr. Bhavani.
MOPS: an Infrastructure for Examining Security Properties of Software Authors Hao Chen and David Wagner Appears in ACM Conference on Computer and Communications.
Shortcomings of Traditional Backtrack Search on Large, Tight CSPs: A Real-world Example Venkata Praveen Guddeti and Berthe Y. Choueiry The combination.
Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Conclusion.
May 7-8, 2007ICVCI 2007 RTP Autonomic Approach to IT Infrastructure Management in a Virtual Computing Lab Environment H. Abdel SalamK. Maly R. MukkamalaM.
1 Testing Implementations Of Access Control Systems (New Proposal) Ammar Masood: Graduate Student Arif Ghafoor (ECE) and Aditya Mathur (CS) Purdue University,
EEC 688/788 Secure and Dependable Computing Lecture 10 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Overview of MSU ESRDC Activities related to Computational Tools for Early State Design Dr. Noel Schulz Associate Professor and TVA Endowed Professorship.
Facultatea de Automatica si Calculatoare Universitatea “Politehnica“ din Bucuresti Security in Clouds Building a Malicious Client Detection module for.
Data and Applications Security
OPERATING SYSTEMS CS 3502 Fall 2017
System Design and Modeling
Joseph JaJa, Mike Smorul, and Sangchul Song
Security Enhanced Administrative Role Based Access Control Models
Data and Applications Security
Research Topic Approval Presentation --- Instructions
Internet of Things: Security Challenges
Athith Amarnath, graduate Student Database and Security Research Group
Computer Science Department
Chapter 17: Confinement Problem
What is TECHNISCHE INFORMATIK / COMPUTER ENGINEERING ?
Role-Based Access Control Richard Newman (c) 2012 R. Newman
CS 522: Human-Computer Interaction Lab: Formative Evaluation
Jayaram KR Graduate Student - Computer Science Purdue University
EEC 688/788 Secure and Dependable Computing
Aiman H. El-Maleh Sadiq M. Sait Syed Z. Shazli
SCOTT NO meeting Measurement
Data and Applications Security Developments and Directions
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security
Data and Applications Security
Data and Applications Security
Presentation transcript:

1 Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood K. Jayaram School of Electrical and Computer Engineering Department of Computer Science Purdue University Faculty: Arif Ghafoor (ECE) Aditya Mathur (CS) May 10, 2006 Oak Ridge National Lab, Oak Ridge, TN

2 Research Objective To develop and experiment with novel techniques for the generation of tests to test implementations of authentication protocols and access control policies.

3 Target security mechanisms Role based access control (RBAC) with or without temporal constraints. Authentication protocols (e.g. TLS)

4 Proposed Test Infrastructure (Access control) Access Control policy Policy verifier plugin Policy (internal representation) Policy model Policy tests Modeling plugin Test generator plugin Test harness IUT

5 Challenges Modeling: Naïve FSM or timed automata models are prohibitively large even for policies with 10 users and 5 roles (and 3 clocks). How to reduce model size and the tests generated? Test generation: How to generate tests to detect (ideally) all policy violation faults that might lead to violation of the policy? Test execution: Distributed policy enforcement?

6 Proposed Approach Express behavior implied by a policy as an FSM. Apply heuristics to scale down the model. Use the W- method, or its restricted form, to generate tests from the scaled down model. Generate additional tests using a combination of stress and random testing aimed at faults that might go undetected due to scaling.

7 Sample model Two users, one role. Only one user can activate the role. Number of states≤3 2. AS: assign. DS: De-assign. AC: activate. DC: deactivate. X ij : do X for user i role j.

8 Fault model

9 Tests generated

10 What is next… Modeling: Handling timing constraints? (timed automata, fault model, heuristics) Handling authentication protocols? (Statecharts, insecure paths, test generation) Dealing with concurrency? Experimentation: With large/realistic policies and commercial authentication protocols to assess the efficiency and effectiveness of the test generation methods. Prototype tool development (Money???)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.