Computer Science 1 Test Selection and Augmentation of Regression System Tests for Security Policy Evolution JeeHyun Hwang, Tao Xie, and collaborators at.

Slides:

Advertisements

Similar presentations

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.

Advertisements

Operating System Security

Testing and Quality Assurance

An Evaluation of MC/DC Coverage for Pair-wise Test Cases By David Anderson Software Testing Research Group (STRG)

Towards Self-Testing in Autonomic Computing Systems Tariq M. King, Djuradj Babich, Jonatan Alava, and Peter J. Clarke Software Testing Research Group Florida.

1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue.

First Step Towards Automatic Correction of Firewall Policy Faults Fei Chen Alex X. Liu Computer Science and Engineering Michigan State University JeeHyun.

Prioritizing User-session-based Test Cases for Web Applications Testing Sreedevi Sampath, Renne C. Bryce, Gokulanand Viswanath, Vani Kandimalla, A.Gunes.

XEngine: A Fast and Scalable XACML Policy Evaluation Engine Fei Chen Dept. of Computer Science and Engineering Michigan State University Joint work with.

Michael Ernst, page 1 Improving Test Suites via Operational Abstraction Michael Ernst MIT Lab for Computer Science Joint.

1 Software Testing and Quality Assurance Lecture 30 – Testing Systems.

1 FM Overview of Adaptation. 2 FM RAPIDware: Component-Based Design of Adaptive and Dependable Middleware Project Investigators: Philip McKinley, Kurt.

12 -1 Lecture 12 User Modeling Topics –Basics –Example User Model –Construction of User Models –Updating of User Models –Applications.

Configuration Management

[ §4 : 1 ] 4. Requirements Processes II Overview 4.1Fundamentals 4.2Elicitation 4.3Specification 4.4Verification 4.5Validation Software Requirements Specification.

State coverage: an empirical analysis based on a user study Dries Vanoverberghe, Emma Eyckmans, and Frank Piessens.

PJSISSTA '001 Black-Box Test Reduction Using Input-Output Analysis ISSTA ‘00 Patrick J. Schroeder, Bogdan Korel Department of Computer Science Illinois.

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

Software Reliability Growth. Three Questions Frequently Asked Just Prior to Release 1.Is this version of software ready for release (however “ready” is.

AMOST Experimental Comparison of Code-Based and Model-Based Test Prioritization Bogdan Korel Computer Science Department Illinois Institute of Technology.

University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.

CLEANROOM SOFTWARE ENGINEERING.

CPIS 357 Software Quality & Testing

Class Specification Implementation Graph By: Njume Njinimbam Chi-Chang Sun.

© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.

Overview of Software Testing 07/12/2013 WISTPC 2013 Peter Clarke.

 To explain the importance of software configuration management (CM)  To describe key CM activities namely CM planning, change management, version management.

Application Code PDP PEP public void borrowBook (User user, Book book, Context context) throws PolicyViolationException { Request request = new Request.

Mining and Analysis of Control Structure Variant Clones Guo Qiao.

Event Management & ITIL V3

Lecturer: Gareth Jones. How does a relational database organise data? What are the principles of a database management system? What are the principal.

1 Dept of Information and Communication Technology Creating Objects in Flexible Authorization Framework ¹ Dep. of Information and Communication Technology,

Verification and Validation in the Context of Domain-Specific Modelling Janne Merilinna.

Accuracy-Constrained Privacy-Preserving Access Control Mechanism for Relational Data.

Yazd University, Electrical and Computer Engineering Department Course Title: Advanced Software Engineering By: Mohammad Ali Zare Chahooki 1 Machine Learning.

11 Usage policies for end point access control  XACML is Oasis standard to express enterprise security policies with a common XML based policy language.

Computer Science Systematic Testing and Verification of Security Policies Tao Xie Department of Computer Science North Carolina State University

Computer Science 1 Mining Likely Properties of Access Control Policies via Association Rule Mining JeeHyun Hwang 1, Tao Xie 1, Vincent Hu 2 and Mine Altunay.

Model Checking Grid Policies JeeHyun Hwang, Mine Altunay, Tao Xie, Vincent Hu Presenter: tanya levshina International Symposium on Grid Computing (ISGC.

Computer Science Conformance Checking of Access Control Policies Specified in XACML Vincent C. Hu (National Institute of Standards and Technology) Evan.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

Secure Systems Research Group - FAU 1 A Trust Model for Web Services Ph.D Dissertation Progess Report Candidate: Nelly A. Delessy, Advisor: Dr E.B. Fernandez.

Using Social Network Analysis Methods for the Prediction of Faulty Components Gholamreza Safi.

Computer Science 1 Detection of Multiple-Duty-Related Security Leakage in Access Control Policies JeeHyun Hwang 1, Tao Xie 1, and Vincent Hu 2 North Carolina.

September XACML: Consistency analysis Luigi Logrippo Université du Québec University of Ottawa

Policy Evaluation Testbed Vincent Hu Tom Karygiannis Steve Quirolgico NIST ITL PET Report May 4, 2010.

Computer Science 1 Systematic Structural Testing of Firewall Policies JeeHyun Hwang 1, Tao Xie 1, Fei Chen 2, and Alex Liu 2 North Carolina State University.

System Maintenance Modifications or corrections made to an information system after it has been released to its customers Changing an information system.

Identifying “Best Bet” Web Search Results by Mining Past User Behavior Author: Eugene Agichtein, Zijian Zheng (Microsoft Research) Source: KDD2006 Reporter:

Whole Test Suite Generation. Abstract Not all bugs lead to program crashes, and not always is there a formal specification to check the correctness of.

OBJECT-ORIENTED TESTING. TESTING OOA AND OOD MODELS Analysis and design models cannot be tested in the conventional sense. However, formal technical reviews.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

Mutation Testing Laraib Zahid & Mariam Arshad. What is Mutation Testing?  Fault-based Testing: directed towards “typical” faults that could occur in.

SOFTWARE TESTING LECTURE 9. OBSERVATIONS ABOUT TESTING “ Testing is the process of executing a program with the intention of finding errors. ” – Myers.

1 Visual Computing Institute | Prof. Dr. Torsten W. Kuhlen Virtual Reality & Immersive Visualization Till Petersen-Krauß | GUI Testing | GUI.

OICA „Certification of automated Vehicles“

Regression Testing with its types

White-Box Testing.

UNIT-4 BLACKBOX AND WHITEBOX TESTING

Internal control - the IA perspective

White-Box Testing.

Test Case Purification for Improving Fault Localization

Test Case Test case Describes an input Description and an expected output Description. Test case ID Section 1: Before execution Section 2: After execution.

Service Oriented Architectures (SOA): What Users Need to Know.

Overview of Database Security

George Mason University

By Hyunsook Do, Sebastian Elbaum, Gregg Rothermel

UNIT-4 BLACKBOX AND WHITEBOX TESTING

Software Configuration Management

Mitigating the Effects of Flaky Tests on Mutation Testing

Presentation transcript:

Computer Science 1 Test Selection and Augmentation of Regression System Tests for Security Policy Evolution JeeHyun Hwang, Tao Xie, and collaborators at Univeristy of Luxembourg

2 Access Control Access control is one of the most widely used privacy and security mechanisms – used to control which principals (e.g., users or processes) have access to which resources Access control is often governed by security policies called Access Control Policies (ACP) Security policies are often specified and maintained separately from application code

3 Motivation Security requirements change over times -> Security policies are often evolved Security policy changes may introduce security faults (e.g., unauthorized access) System developers execute system test cases to ensure that behavior changes (introduced by security policy changes) are expected

4 Problem Two pitfalls of executing all of existing system test cases – Executing all of existing system test cases is time consuming – Existing system test cases may not expose behavior changes sufficiently induced by security policy changes There are no existing approaches for testing applications effectively in the context of security policy evolution

5 Our Goal Regression system test cases for policy evolution – Select and execute only system test cases (from an existing test suite), which expose behavior changes – Augment system test cases to expose behavior changes (which are not exposed with existing system tests)

6 Challenges Select and augment regression system test cases impacted by policy changes with low false-positives and false-negatives – require to analyze effects correctly of policy changes – require to monitor interactions correctly between system test cases and security policies

7 Definition: Coverage Coverage for security policies – measure which rules of the policy are involved (called “covered”) in policy evaluation [Martin et al. WWW 07]

8 Test Selection Technique I Find system test cases impacted for policy changes by mutation analysis [Setup: rule-test correlation] 1.Policy P and its mutant Pm by changing rule r i ’s decision (e.g., Permit -> Deny) 2.Execute system test cases T (for P and Pm ) 3.Correlate r i with tests T imp (T imp ЄT) which expose different behaviors 4.Continue until we find each rule’s correlated system test cases in turn

9 Test Selection Technique I - cont [Test selection for policy changes] 1.Find rules R impacted by policy changes 2.Select system test cases correlated with a rule r Є R Cost: given n rules in P, we need to execute T for 2*n times. However, we are enabled to conduct setup process prior to encountering policy changes.

10 Test Selection Technique II Find system test cases impacted for policy changes by analyzing which rules are evaluated (i.e., covered) [Setup: rule-test correlation] – Execute systems test cases T – Detect which rules rs are evaluated for each system test case T imp – Correlate a rule r with its corresponding system test cases

11 Test Selection Technique II [Test selection for policy changes] 1.Find rules R impacted by policy changes 2.Select system test cases correlated with a rule r Є R Cost: given n rules in P, we need to execute T once. However, we are enabled to conduct setup process prior to encountering policy changes.

12 Test Selection Techniques III Find system test cases impacted for policy changes by recording and evaluating requests [Setup: request collection] 1.Record all requests issued to policy decision point (PDP) for each system test case

13 Test Selection Techniques III - cont [Test selection for policy changes] 1.Select requests (with corresponding system test cases) to evaluate different decisions for two different policy versions Cost: given n rules, we need to execute all of system test cases for only once.

14 Test Augmentation Technique Augment system test cases for policy evolution 1.Collect request-response pairs qs, which expose different policy behaviors 2.Select only pairs qs i (qs i С qs ), which are not exposed with T 3.Find system test cases to issue requests in high similarity with qs i 4.Manually modify system test cases to issue a request q (q Є qs i )

15 A collection of Java programs interacting with security policies Evaluation Subjects Subject Names # classes# methodLOC LMS VMS ASMS

16 Research Questions RQ1: How effectively our proposed techniques select system test cases with policy changes? – Precision and recall – Cost of each technique: elapsed time for execution and the number of test runs RQ2: How effectively our test augmentation technique suggests system test cases (which expose policy behavior differences) while existing system test cases cannot expose such differences? – Precision and recall

17

18 Open Questions How to correlate unit test cases with each changed location? – Our techniques are sound assuming when we apply rule decision change mutation – For rule addition/deletion, we may correlate unit test cases to a default-fall-through rule or non-applicable cases – If we consider other types of mutants (e.g., rule combination), it would be challenging

19 Open Questions – cont’ How to partition of difference-exposing policy unit test cases produced by Margrave – For OrBAC, each rule is evaluated by only one request. I think that each request represents one category. (I need to synthesize outcome of Margrave to find all possible requests). – In general, a XACML policy may include rules to be applicable for more than one request, we may categorize requests based on covering rules. Consider that req1 and req2 cover rule 1. We classify these two requests into the same category.