An Investigation on Testing RBAC Constraints Presented by Jiao Chen 04/29/2003.


Project Objectives
– Develop coverage criteria for testing RBAC constraints.
– Develop algorithms for statically checking the enforcement of RBAC constraints.
– Generate test cases for RBAC constraints based on the developed coverage criteria.

Significance of the Problem
– RBAC has generated great interest in the security community as a flexible approach to access control.
– Constraints are an important aspect of access control and are a powerful mechanism for laying out a higher-level organizational policy.

Significance of the Problem (cont’d)
– Issues of specification of constraints have received surprisingly little attention in the research literature [1].
– Little of the literature discusses the testing of RBAC constraints.

Coverage Criteria
– Coverage is an operational definition of a complete test suite.
– It is important to define the coverage criteria before generating test cases.
– Classical coverage criteria, such as statement coverage and c-use coverage, are not suitable for testing RBAC constraints.
– New coverage criteria are needed.

Details of My Approach
– The work of this project is based on the constraints specification described in Ahn G-J. and Shin M. E.’s paper [1].
– For each kind of RBAC constraint, a static checking algorithm and a corresponding coverage criterion are developed.
– A case study is performed. Test cases are generated following the coverage criteria developed.

Categories of Role-based Constraints
– Separation of duty constraints
– Prerequisite constraints
– Cardinality constraints

Separation of Duty Constraints
Rule 1: Conflicting roles cannot be assigned to the same user.
Criterion 1: All conflicting role pairs in the conflicting role set are exercised in a negative way. That is, for each conflicting role pair, at least one test case should cover the violation of that conflicting role pair.

Static checking algorithm for Rule 1
Input:
    Conflicting role set A = {(r1, r1c), (r2, r2c), …, (ri, ric), …, (rn, rnc)}
    Assigned role set B = {(r1u1, r2u1, r3u1, riu1, …, rnu1),
                           (r1u2, r2u2, r3u2, riu2, …, rnu2),
                           (r1u3, r2u3, r3u3, riu3, …, rnu3),
                           …,
                           (r1un, r2un, r3un, riun, …, rnun)}
Output:
    True -> The system enforces Rule 1
    False -> The system does not enforce Rule 1
Initialization: flag = 0
For each user in the assigned role set B
    For each role assigned to that user, riui
        Go through the conflicting role set A
            if riui is one of ri
                flag = 1
                Go through the corresponding assigned roles of that user, i.e., (r1u1, r2u1, r3u1, riu1, …, rnu1)
                    if one of those assigned roles is equal to ric
                        flag = 2
            if flag == 2
                return false, exit
    end for
end for
return true

Separation of Duty Constraints (cont’d)
Rule 2: Conflicting permissions cannot be assigned to the same role.
Criterion 2: All conflicting permission pairs in the conflicting permission set are exercised in a negative way. That is, for each conflicting permission pair, at least one test case should cover the violation of that conflicting permission pair.

Separation of Duty Constraints (cont’d)
Rule 3: Conflicting users cannot be assigned to the same role.
Criterion 3: All conflicting user pairs in the conflicting user set are exercised in a negative way. That is, for each conflicting user pair, at least one test case should cover the violation of that conflicting user pair.

Separation of Duty Constraints (cont’d)
Rule 4: Conflicting roles cannot be activated in the same session.
Criterion 4: All conflicting role pairs in the conflicting role set are exercised in a negative way. That is, for each conflicting role pair, at least one test case should cover the violation of that conflicting role pair.
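The static check and the negative-test criterion above, as an added Python example that is not part of the original slides. It is written over a generic "owner holds a set of items" table, so the same code serves Rule 1 (user holds roles) and, going beyond the slide's single algorithm, Rules 2 and 3; the role names, the sample data and the `assign` enforcement point are constructed assumptions.

```python
# Constructed sample data (not from the slides): conflicting role set A
# and assigned role set B, keyed by user.
CONFLICTS = {frozenset(p) for p in [("teller", "auditor"), ("clerk", "approver")]}
ASSIGNED = {
    "alice": {"teller", "clerk"},
    "bob": {"auditor", "teller"},   # violates Rule 1
    "carol": {"approver"},
}

def static_check(assigned, conflicts):
    """Return every (owner, pair) where a conflicting pair is held together.

    An empty list means the rule holds for this snapshot of assignments."""
    return [(owner, tuple(sorted(pair)))
            for owner, held in sorted(assigned.items())
            for pair in sorted(conflicts, key=sorted)
            if pair <= held]

def negative_tests(conflicts):
    """Criterion 1: one test per conflicting pair that attempts the violation."""
    return [tuple(sorted(pair)) for pair in sorted(conflicts, key=sorted)]

def assign(held, role, conflicts):
    """Toy enforcement point (hypothetical): refuse a conflicting assignment."""
    if any(frozenset((role, r)) in conflicts for r in held):
        return False
    held.add(role)
    return True

def run_suite(conflicts, enforce=assign):
    """Run each negative test on a fresh user; return pairs that were NOT refused."""
    escaped = []
    for first, second in negative_tests(conflicts):
        held = set()
        enforce(held, first, conflicts)
        if enforce(held, second, conflicts):   # second assignment must be refused
            escaped.append((first, second))
    return escaped

if __name__ == "__main__":
    print("static violations:", static_check(ASSIGNED, CONFLICTS))
    print("pairs not enforced:", run_suite(CONFLICTS))
```

A non-empty result from `run_suite` names exactly the conflicting pairs the system under test failed to reject, which is the coverage evidence Criterion 1 asks for.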

Prerequisite Constraints
Rule 5: A user can be assigned to role r1 only if the user is already a member of role r2.
Criterion 5: All role prerequisite pairs in the role prerequisite set are exercised in the following two ways:
– 1. For each role prerequisite pair, (ria, rib), at least one test case should cover the violation of that role prerequisite pair. In other words, the test case should cover the situation when assigning a user to ria without rib existing.
– 2. For each role prerequisite pair, (ria, rib), at least one test case should cover the situation that when rib is revoked, ria should be revoked at the same time.

Prerequisite Constraints (cont’d)
Rule 6: A permission p can be assigned to a role only if the role already possesses permission q.
Criterion 6: All permission prerequisite pairs in the permission prerequisite set are exercised in the following two ways:
– 1. For each permission prerequisite pair, (pia, pib), at least one test case should cover the violation of that permission prerequisite pair. In other words, the test case should cover the situation when pia is assigned to a role but that role doesn’t possess pib.
– 2. For each permission prerequisite pair, (pia, pib), at least one test case should cover the situation that when pib is revoked, pia should be revoked at the same time.
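The two-way prerequisite criterion above, as an added Python example that is not part of the original slides. It generates both test cases for every role prerequisite pair (Criterion 5) and runs them against a toy store; the `Rbac` class, the role names and the user name are constructed assumptions, and the prerequisite set is assumed to be acyclic. The same suite shape applies to permission prerequisite pairs (Criterion 6).

```python
# Constructed role prerequisite set: (ria, rib) means ria requires rib.
PREREQS = [("senior_teller", "teller"), ("branch_manager", "senior_teller")]

class Rbac:
    """Toy user-role assignment store enforcing Rule 5 (hypothetical API)."""
    def __init__(self, prereqs):
        self.prereqs = prereqs
        self.roles = {}                       # user -> set of roles

    def assign(self, user, role):
        held = self.roles.setdefault(user, set())
        needed = {b for a, b in self.prereqs if a == role}
        if not needed <= held:
            return False                      # prerequisite missing
        held.add(role)
        return True

    def revoke(self, user, role):
        held = self.roles.get(user, set())
        held.discard(role)
        # Cascade: drop every role whose prerequisite was just revoked.
        for a, b in self.prereqs:
            if b == role and a in held:
                self.revoke(user, a)

def chain(prereqs, role):
    """Roles to assign, prerequisites first, so that `role` becomes assignable."""
    order = []
    for a, b in prereqs:
        if a == role:
            order += chain(prereqs, b)
    return order + [role]

def criterion5_suite(prereqs, make_system):
    """Run both Criterion 5 tests for each (ria, rib); return the failures."""
    failures = []
    for ria, rib in prereqs:
        # Way 1: assign ria to a user who lacks rib; this must be refused.
        s = make_system()
        if s.assign("u", ria):
            failures.append((ria, rib, "assigned without prerequisite"))
        # Way 2: assign the chain legitimately, revoke rib, ria must go too.
        s = make_system()
        for role in chain(prereqs, ria):
            s.assign("u", role)
        s.revoke("u", rib)
        if ria in s.roles.get("u", set()):
            failures.append((ria, rib, "kept after prerequisite revoked"))
    return failures
```

A system that checks prerequisites on assignment but forgets the cascade on revocation passes every "way 1" test and fails every "way 2" test, which is why the criterion requires both.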

Cardinality Constraints
Rule 7: Numerical limitation N that exists for the number of users authorized for a role cannot be exceeded.
Rule 8: Numerical limitation N that exists for the number of sessions a user can have active at the same time cannot be exceeded.

Cardinality Constraints (cont’d)
The domain testing strategy:
– Identify boundary conditions.
– Select test values for variables in each boundary.
– Select test values for variables not given in the boundary.
– Determine expected results.

Cardinality Constraints (cont’d)
The “one-by-one” domain testing strategy calls for one on point and one off point for each domain boundary.
Selection rules:
– One on point and one off point for each relational condition.
– Don’t repeat identical tests for adjacent subdomains.
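The one-by-one strategy applied to Rule 7, as an added Python example that is not part of the original slides. For the relational condition "number of users <= N" it takes N as the on point and N + 1 as the off point and drives a toy role to each; the `Role` class and user names are constructed assumptions, and N is assumed to be at least 1.

```python
def boundary_tests(limit):
    """One on point and one off point for the condition count <= limit.

    Each entry is (kind, number of users to assign, expected last outcome)."""
    return [("on", limit, True), ("off", limit + 1, False)]

class Role:
    """Toy role with a Rule 7 cardinality limit N (hypothetical)."""
    def __init__(self, limit):
        self.limit, self.users = limit, set()

    def add_user(self, user):
        if user not in self.users and len(self.users) >= self.limit:
            return False                  # limit N would be exceeded
        self.users.add(user)
        return True

def run_boundary(limit, make_role):
    """Drive a fresh role to each test point and compare the outcome of the
    last assignment with the expected result; return the points that differ."""
    wrong = []
    for kind, count, expected in boundary_tests(limit):
        role = make_role(limit)
        outcome = None
        for i in range(count):
            outcome = role.add_user(f"user{i}")
        if outcome is not expected:
            wrong.append((kind, count, outcome))
    return wrong

if __name__ == "__main__":
    print(run_boundary(3, Role))          # empty list: both points behave
```

An implementation that compares with `>` instead of `>=` is caught only by the off point, and one that stops at N - 1 only by the on point, so neither point can be dropped.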

Case Study
– The corporate banking application in Chandramouli R.’s paper [2].
– The results of the case study are in the Constraints Specification.doc file.

References
[1] Ahn G-J. and Shin M. E., Role-based Authorization Constraints Specification Using Object Constraint Language, Enabling Technologies: Infrastructure for Collaborative Enterprises, WET ICE Proceedings. Tenth IEEE International Workshops on, 2001, Page(s):
[2] Chandramouli R., Application of XML tools for enterprise-wide RBAC implementation tasks, Proceedings of the fifth ACM workshop on Role-based access control, July 2000