Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood K. Jayaram School of Electrical and Computer Engineering.

Published byGregory McCormick Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood K. Jayaram School of Electrical and Computer Engineering."— Presentation transcript:

1 1 Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood K. Jayaram School of Electrical and Computer Engineering Department of Computer Science Purdue University Faculty: Arif Ghafoor (ECE) Aditya Mathur (CS) May 10, 2006 Oak Ridge National Lab, Oak Ridge, TN

2 2 Research Objective To develop and experiment with novel techniques for the generation of tests to test implementations of authentication protocols and access control policies.

3 3 Target security mechanisms Role based access control (RBAC) with or without temporal constraints. Authentication protocols (e.g. TLS)

4 4 Proposed Test Infrastructure (Access control) Access Control policy Policy verifier plugin Policy (internal representation) Policy model Policy tests Modeling plugin Test generator plugin Test harness IUT

5 5 Challenges Modeling: Naïve FSM or timed automata models are prohibitively large even for policies with 10 users and 5 roles (and 3 clocks). How to reduce model size and the tests generated? Test generation: How to generate tests to detect (ideally) all policy violation faults that might lead to violation of the policy? Test execution: Distributed policy enforcement?

6 6 Proposed Approach Express behavior implied by a policy as an FSM. Apply heuristics to scale down the model. Use the W- method, or its restricted form, to generate tests from the scaled down model. Generate additional tests using a combination of stress and random testing aimed at faults that might go undetected due to scaling.

7 7 Sample model Two users, one role. Only one user can activate the role. Number of states≤3 2. AS: assign. DS: De-assign. AC: activate. DC: deactivate. X ij : do X for user i role j.

8 8 Fault model

9 9 Tests generated

10 10 What is next… Modeling: Handling timing constraints? (timed automata, fault model, heuristics) Handling authentication protocols? (Statecharts, insecure paths, test generation) Dealing with concurrency? Experimentation: With large/realistic policies and commercial authentication protocols to assess the efficiency and effectiveness of the test generation methods. Prototype tool development (Money???)

Download ppt "1 Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood K. Jayaram School of Electrical and Computer Engineering."

Similar presentations

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Department of Electronic Engineering Challenges & Proposals INFSO Information Day Research Networking Test-beds 26/27 May 2005,

Department of Electronic Engineering Challenges & Proposals INFSO Information Day Research Networking Test-beds 26/27 May 2005,
1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue.

1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue.
Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter.

Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter.
RBAC and JXTA 1 Role Based Access Control and the JXTA P2P Framework Mark Stamp Dept. of Computer Science San Jose State University

RBAC and JXTA 1 Role Based Access Control and the JXTA P2P Framework Mark Stamp Dept. of Computer Science San Jose State University
1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.

1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.
Computer Science 162 Section 1 CS162 Teaching Staff.

Computer Science 162 Section 1 CS162 Teaching Staff.
Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood, K. Jayaram School of Electrical and Computer Engineering.

Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood, K. Jayaram School of Electrical and Computer Engineering.
August 2006Scott Stoller, Stony Brook University1 Research in Formal Methods, Concurrent & Distributed Systems, and Programming Languages at Scott D. Stoller.

August 2006Scott Stoller, Stony Brook University1 Research in Formal Methods, Concurrent & Distributed Systems, and Programming Languages at Scott D. Stoller.
Lightweight Scalable Tool Sharing for the Internet Agustín J. González Department of Electronics Engineering Federico Santa María University Valparaíso,

Lightweight Scalable Tool Sharing for the Internet Agustín J. González Department of Electronics Engineering Federico Santa María University Valparaíso,
1 Scalable and Effective Test Generation for Access Control Systems Ammar Masood School of Electrical & Computer Engineering Purdue University 11 th September,

1 Scalable and Effective Test Generation for Access Control Systems Ammar Masood School of Electrical & Computer Engineering Purdue University 11 th September,
SACMAT02-1 Security Prototype Defining a Signature Constraint.

SACMAT02-1 Security Prototype Defining a Signature Constraint.
Incorporating database systems into a secure software development methodology Eduardo B. Fernandez, Jan Jurjens, Nobukazu Yoshioka, and Hironori Washizaki.

Incorporating database systems into a secure software development methodology Eduardo B. Fernandez, Jan Jurjens, Nobukazu Yoshioka, and Hironori Washizaki.
Welcome Introduction and Overview Computer Science Research Practicum Fall 2012 Andrew Rosenberg.

Welcome Introduction and Overview Computer Science Research Practicum Fall 2012 Andrew Rosenberg.
Ch.2 Part A: Requirements, State Charts EECE **** Embedded System Design.

Ch.2 Part A: Requirements, State Charts EECE **** Embedded System Design.
GrIDS -- A Graph Based Intrusion Detection System For Large Networks Paper by S. Staniford-Chen et. al.

GrIDS -- A Graph Based Intrusion Detection System For Large Networks Paper by S. Staniford-Chen et. al.
Verification of Information Flow Properties in Cyber-Physical Systems Ravi Akella, Bruce McMillin Department of Computer Science Missouri University of.

Verification of Information Flow Properties in Cyber-Physical Systems Ravi Akella, Bruce McMillin Department of Computer Science Missouri University of.
Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.

Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.

© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
MS I Certificate in Internet Computing Elias Houstis Professor Aditya P. Mathur Professor and Associate Head Department of Computer Sciences Purdue University.

MS I Certificate in Internet Computing Elias Houstis Professor Aditya P. Mathur Professor and Associate Head Department of Computer Sciences Purdue University.

Similar presentations

Ads by Google