1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue.

Presentation transcript:

1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication. Aditya Mathur, Professor of Computer Science, Purdue University. May 22, 2007. Joint work with: Professor Arif Ghafoor, ECE; Graduate Students: Ammar Masood, ECE, and K. Jayaram, CS.

2 Research Question. [Diagram: Requirements, Model, Test Generation, Tests, Implementation.] How good are these tests? Finite State: Access control. Statecharts: Authentication.

3 Summary: Role Based Access Control. Policy: users, roles, permissions. Users assigned to roles, roles to permissions. User roles activated prior to access. Static and dynamic separation of duty constraints (SSoD) based on activation and inheritance hierarchy relations. Allowable input requests for RBAC policy enforcer (e.g. assign, de-assign, activate, and de-activate).

4 Summary: Fault Model for RBAC. Fault types: FSM-based (simple mutation-based): UR Assignment, PR Assignment, UR Activation [diagram labels under each: UR1, UR2]. Malicious faults: counter-based, I/O-based (ill-formed requests), sequence-based.

5 Summary: A: FSM-based Tests (Role Based Access Control). Tests generated directly from a finite state model are able to detect all faults considered. The cost-benefit ratio of FSM-based test generation is exceptionally high (~$1.45 \times 10^6$). Experiments done using XGTRBAC: an RBAC policy enforcement implementation.

6 Summary: B: Reduced FSM-based Tests (Role Based Access Control). Tests generated from a reduced model have varying fault detection effectiveness (25%--100%). The cost-benefit ratio for such tests varies from 2 to 3561.

7 Summary: C: FSM-based Random Tests Role Based Access Control Tests generated randomly from a reduced model have varying fault detection effectiveness ( %). The cost-benefit ratio for such tests varies from x10 3).

8 Summary: Recommendation (Role Based Access Control). Use a heuristics-based test generation technique combined with constrained random test generation. In addition, use white-box adequacy criteria to assess test adequacy and enhance the tests generated using heuristics and random methods.

9 Summary: Authentication Transport Layer Protocol: GnuTLS Client-server application. Developed to conform to RFC Uses the TLS protocol for authenticating a user and a session. Handshake, renegotiate to establish and re-establish sessions. 30K LOC

10 Summary: Fault Model

11 Summary: Test adequacy

12 Summary: Recommendation Authentication Tests generated from statechart models must be augmented using tests generated using an orthogonal test generation technique. It might be difficult to detect malicious code using any test generation strategy that does not account for code coverage. Negative testing must be performed. [We do not have sufficient data to support this recommendation.]

13 Test Context For how many and which policies should we test?

14 RBAC Experiment: Policy Generation Map mutant to policy Mutate ACUT

15 What are we trying to show? Conformance to expected behavior:

16 Conformance Testing Procedures Used A: Transform a policy to FSM and generate tests directly. B: Use one or more heuristics to reduce the FSM and generate tests from the scaled down model. C: Randomly select paths of fixed length from the original model.

17 A: Policy --> FSM. Two users (U=2), one role (R=1). Only one user can activate the role. Number of states ~ $3^2$. [Figure: FSM state diagram with transitions labeled AS_11, AS_21, AC_11, AC_21, DS_11, DS_21, DC_11, DC_21.] AS: assign. DS: de-assign. AC: activate. DC: deactivate. $X_{ij}$: do X for user i, role j. Tests: $2T(2T+1)(4T)^{2T+1}$, $T = |U| \times |R|$.

18 B: Policy --> Heuristics --> Model
H1: Separate assignment and activation.
H2: Use FSM for activation and single test sequence for assignment.
H3: Use single test sequence for assignment and activation.
H4: Use a separate FSM for each user.
H5: Use a separate FSM for each role.
H6: Create user groups for FSM modeling.

19 Reduced Models. [Figure: Heuristic 1: Assignment Machine and Activation Machine; Heuristic 4: User u1 Machine and User u2 Machine; transitions labeled AS, DS, AC, DC.]
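
The policy on slide 17 (two users, one role, only one user may activate it) and the per-user machines of heuristic H4 on slides 18 and 19 can be tried out directly. The Python sketch below is an added example, not code from the presentation or from XGTRBAC: the transition rules in `enforce`, the transition-cover test generator and the faulty enforcer `no_cardinality_check` are assumptions constructed for illustration.

```python
from collections import deque

OPS = ("AS", "DS", "AC", "DC")  # assign, de-assign, activate, deactivate

def enforce(state, req, max_active=1):
    """Reference enforcer for one role (assumed rules). state maps user ->
    0 (unassigned), 1 (assigned), 2 (active). Returns (next_state, granted)."""
    op, user = req
    cur = state[user]
    nxt = {("AS", 0): 1, ("DS", 1): 0, ("DS", 2): 0, ("DC", 2): 1}.get((op, cur))
    if op == "AC" and cur == 1 and sum(s == 2 for s in state.values()) < max_active:
        nxt = 2
    if nxt is None:
        return state, False          # request denied, state unchanged
    return {**state, user: nxt}, True

def transition_cover(users):
    """Explore the model over `users` breadth-first; one test per (state, request):
    the shortest request sequence reaching the state, then the request."""
    inputs = [(op, u) for op in OPS for u in users]
    start = {u: 0 for u in users}
    paths, queue, tests = {tuple(start.items()): []}, deque([start]), []
    while queue:
        state = queue.popleft()
        prefix = paths[tuple(state.items())]
        for req in inputs:
            tests.append(prefix + [req])
            nxt, _ = enforce(state, req)
            if tuple(nxt.items()) not in paths:
                paths[tuple(nxt.items())] = prefix + [req]
                queue.append(nxt)
    return tests, len(paths)

def run(impl, test, all_users=(1, 2)):
    """Replay a test from the empty state and record each grant/deny output."""
    state, outputs = {u: 0 for u in all_users}, []
    for req in test:
        state, granted = impl(state, req)
        outputs.append(granted)
    return outputs

def detects(tests, faulty_impl):
    """A fault is detected when some test's outputs differ from the reference."""
    return any(run(enforce, t) != run(faulty_impl, t) for t in tests)

def no_cardinality_check(state, req):
    """Constructed faulty enforcer: lets both users activate the role."""
    return enforce(state, req, max_active=2)

full_tests, full_states = transition_cover((1, 2))                # whole policy
h4_tests = transition_cover((1,))[0] + transition_cover((2,))[0]  # one FSM per user
```

The full model reaches 8 of the $3^2$ possible states and its 64 tests expose the missing cardinality check; the 24 H4 tests never exercise both users in one sequence, so this cross-user fault goes unnoticed.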

20 C: Policy --> Model --> Random tests. Construct a pool RTi of n random tests of length i. The length of every test in the pool RTi is close to or higher than the length of the longest test generated using Procedure A. The total number of tests n is selected based on comparison with the maximum number of tests generated using the heuristics (Procedure B). Construct five test suites RTi1, ..., RTi5 by randomly selecting a fixed number p<n of tests from RTi; p is empirically chosen based on an economical or statistical criterion.

21 Empirical Evaluation: Setup. Study carried out using the proposed functional testing methodology. Stopping criterion: complete coverage of simple faults. Policy meta set: comprises two policies. Meta test sets: corresponding to the three procedures. Test generation techniques used: Heuristics: H3, H4 and H5. Random: RT4, RT6, RT10 and RT tests in each test suite RTij

22 Empirical Evaluation: Results

23 Empirical vs. Simulation

24 Future Work. Test generation for TRBAC systems; extending the temporal constraints in TRBAC specification; extension of TRBAC fault model; conducting an empirical evaluation; validation of global meta-policy in collaborative environments; regression testing techniques for access control systems.