Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue.

Published byQuintin Chilson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue."— Presentation transcript:

1 1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue University May 22, 2007 Joint work with: Professor Arif Ghafoor, ECE Graduate Students: Ammar Masood, ECE and K. Jayaram, CS

2 2 Research Question RequirementsModel Test Generation Tests Implementation How good are these tests? Finite State: Access control Statecharts: Authentication

3 3 Summary: Role Based Access Control Policy: Users, roles, permissions Users assigned to roles, roles to permissions. User roles activated prior to access. Static and dynamic separation of duty constraints (SSoD) based on activation and inheritance hierarchy relations. Allowable input requests for RBAC policy enforcer (e.g. assign, de-assign, activate, and de-activate)

4 4 Summary: Fault Model for RBAC Fault Types: FSM based (simple mutation-based) UR AssignmentPR AssignmentUR Activation UR1 UR2 UR1 UR2 UR1 UR2 Malicious Faults Counter-based I/O-based (ill-formed requests) Sequence-based

5 5 Summary: A: FSM-based Tests Role Based Access Control Tests generated directly from a finite state model are able to detect all faults considered. The cost-benefit ratio of FSM-based test generation is exceptionally high (~1.45x10 6 ). Experiments done using XGTRBAC: an RBAC policy enforcement implementation.

6 6 Summary: B: Reduced FSM-based Tests Role Based Access Control Tests generated from a reduced model have varying fault detection effectiveness (25%--100%). The cost-benefit ratio for such tests varies from 2 to 3561).

7 7 Summary: C: FSM-based Random Tests Role Based Access Control Tests generated randomly from a reduced model have varying fault detection effectiveness (42-- 100%). The cost-benefit ratio for such tests varies from 167--200x10 3).

8 8 Summary: Recommendation Role Based Access Control Use a heuristics based test generation technique combined with constrained random test generation. In addition, use white-box adequacy criteria to assess test adequacy and enhance the test generated using heuristics and random methods.

9 9 Summary: Authentication Transport Layer Protocol: GnuTLS Client-server application. Developed to conform to RFC 2246. Uses the TLS protocol for authenticating a user and a session. Handshake, renegotiate to establish and re-establish sessions. 30K LOC

10 10 Summary: Fault Model

11 11 Summary: Test adequacy

12 12 Summary: Recommendation Authentication Tests generated from statechart models must be augmented using tests generated using an orthogonal test generation technique. It might be difficult to detect malicious code using any test generation strategy that does not account for code coverage. Negative testing must be performed. [We do not have sufficient data to support this recommendation.]

13 13 Test Context For how many and which policies should we test?

14 14 RBAC Experiment: Policy Generation Map mutant to policy Mutate ACUT

15 15 What are we trying to show? Conformance to expected behavior:

16 16 Conformance Testing Procedures Used A: Transform a policy to FSM and generate tests directly. B: Use one or more heuristics to reduce the FSM and generate tests from the scaled down model. C: Randomly select paths of fixed length from the original model.

17 17 A: Policy--> FSM Two users (U=2), one role (R=1). Only one user can activate the role. Number of states~3 2. AS 11 0000 10000010 1100 1110 10100011 1011 AS 21 AC 11 AC 21 AS 21 AS 11 AC 21 AC 11 AS 11 DS 11 DS 21 DC 11 DS 21 DC 11 DS 11 DS 21 DS 11 DC 21 DS 21 DS 11 DS 21 AS: assign. DS: De-assign. AC: activate. DC: deactivate. X ij : do X for user i role j. Tests: 2T(2T+1)(4T) 2T+1 T=|U|x|R|

18 18 B: Policy-->Heuristics-->Model H1: Separate assignment and activation H2: Use FSM for activation and single test sequence for assignment H3: Use single test sequence for assignment and activation H4: Use a separate FSM for each user H5: Use a separate FSM for each role H6: Create user groups for FSM modeling.

19 19 Reduced Models AS 11 00 10 01 DS 21 DS 11 11 AS 21 DS 11 DS 21 AC 11 00 10 01 AC 21 DC 21 DC 11 AC 21 AC 11 Assignment MachineActivation Machine Heuristic 1 AS 11 00 1011 DS 11 AC 11 DC 11 AC 11 AS 21 00 1011 DS 21 AC 21 DC 21 AC 21 Heuristic 4 User u 1 MachineUser u 2 Machine

20 20 C: Policy-->Model-->Random tests Construct a pool RTi of n random tests of length i. Lengths of all tests in the pool RTi is close to or higher than the length of longest test generated using Procedure A. Total tests tests n is selected based on comparison with the maximum number of tests generated using the heuristics (Procedure B) Construct five test suites RTi1,…., RTi5 by randomly selecting fixed number p<n of tests from RTi p empirically chosen based on economical or statistical criterion

21 21 Empirical Evaluation : Setup Study carried out using the proposed functional testing methodology Stopping criterion – complete coverage of simple faults Policy meta set – comprises two policies Meta test sets – corresponding to the three procedures Test generation techniques used Heuristics: H3, H4 and H5 Random: RT4, RT6, RT10 and RT100 100 tests in each test suite RTij

22 22 Empirical Evaluation : Results

23 23 Empirical vs.Simulation

24 24 Future Work Test generation for TRBAC systems Extending the temporal constraints in TRBAC specification Extension of TRBC fault model Conducting an empirical evaluation Validation of global meta-policy in collaborative environments Regression testing techniques for access control systems

Download ppt "1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue."

Similar presentations

Automatic XACML requests generation for policy testing

Automatic XACML requests generation for policy testing
ISE480 Sequencing and Scheduling Izmir University of Economics 02.05.20151ISE480 2011 -2012 Fall Semestre.

ISE480 Sequencing and Scheduling Izmir University of Economics ISE Fall Semestre.
Prioritizing User-session-based Test Cases for Web Applications Testing Sreedevi Sampath, Renne C. Bryce, Gokulanand Viswanath, Vani Kandimalla, A.Gunes.

Prioritizing User-session-based Test Cases for Web Applications Testing Sreedevi Sampath, Renne C. Bryce, Gokulanand Viswanath, Vani Kandimalla, A.Gunes.
Foundations of Software Testing Chapter 1: Section 1.19 Coverage Principle and the Saturation Effect Aditya P. Mathur Purdue University Last update: August.

Foundations of Software Testing Chapter 1: Section 1.19 Coverage Principle and the Saturation Effect Aditya P. Mathur Purdue University Last update: August.
Software Testing and Quality Assurance

Software Testing and Quality Assurance
Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.

Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.
Department of CIS University of Pennsylvania 1/31/2001 Specification-based Protocol Testing Hyoung Seok Hong Oleg Sokolsky CSE 642.

Department of CIS University of Pennsylvania 1/31/2001 Specification-based Protocol Testing Hyoung Seok Hong Oleg Sokolsky CSE 642.
1 CS 430 / INFO 430 Information Retrieval Lecture 24 Usability 2.

1 CS 430 / INFO 430 Information Retrieval Lecture 24 Usability 2.
Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood, K. Jayaram School of Electrical and Computer Engineering.

Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood, K. Jayaram School of Electrical and Computer Engineering.
Coverage Principle: A Mantra for Software Testing and Reliability Aditya P. Mathur Purdue University August 28, Cadence Labs, Chelmsford Last update:August.

Coverage Principle: A Mantra for Software Testing and Reliability Aditya P. Mathur Purdue University August 28, Cadence Labs, Chelmsford Last update:August.
1 Scalable and Effective Test Generation for Access Control Systems Ammar Masood School of Electrical & Computer Engineering Purdue University 11 th September,

1 Scalable and Effective Test Generation for Access Control Systems Ammar Masood School of Electrical & Computer Engineering Purdue University 11 th September,
DECISION SUPPORT FOR RE-PLANNING OF SOFTWARE PRODUCT RELEASES S. M. Didar-Al-Alam Dept. of Computer Science University of Calgary, Calgary, AB, Canada.

DECISION SUPPORT FOR RE-PLANNING OF SOFTWARE PRODUCT RELEASES S. M. Didar-Al-Alam Dept. of Computer Science University of Calgary, Calgary, AB, Canada.
1 Software Testing Techniques CIS 375 Bruce R. Maxim UM-Dearborn.

1 Software Testing Techniques CIS 375 Bruce R. Maxim UM-Dearborn.
000000_1 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

000000_1 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.
Protocol Analysis/Testing Based on Sidhu et al in IEEE TSE 89 and TN 93 Figures from the papers.

Protocol Analysis/Testing Based on Sidhu et al in IEEE TSE 89 and TN 93 Figures from the papers.
January 27, 2002 ECEN5033 University of Colorado -- Class Testing 1 Specifying interactions Remainder of slides assume Operations defined by a class are.

January 27, 2002 ECEN5033 University of Colorado -- Class Testing 1 Specifying interactions Remainder of slides assume Operations defined by a class are.
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e (McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman.1.

These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e (McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman.1.
AMOST 20091 Experimental Comparison of Code-Based and Model-Based Test Prioritization Bogdan Korel Computer Science Department Illinois Institute of Technology.

AMOST Experimental Comparison of Code-Based and Model-Based Test Prioritization Bogdan Korel Computer Science Department Illinois Institute of Technology.
Class Specification Implementation Graph By: Njume Njinimbam Chi-Chang Sun.

Class Specification Implementation Graph By: Njume Njinimbam Chi-Chang Sun.
Program Evaluation. Program evaluation Methodological techniques of the social sciences social policy public welfare administration.

Program Evaluation. Program evaluation Methodological techniques of the social sciences social policy public welfare administration.

Similar presentations

Ads by Google