Scalable and Effective Test Generation for Access Control Systems
Ammar Masood
School of Electrical & Computer Engineering
Purdue University
11th September, 2006

Outline
Introduction
Problems and Contributions – Part A
Details of Proposed Solutions – Part B
Conclusion and Future Work
*Data as of 8/30/06
RBAC is a promising approach for addressing diverse security needs of business organizations
Access control in organizations is based on “roles that individual users take on as part of the organization”
A role is “a collection of permissions”
Constraints are applied to all the links
TRBAC extends RBAC by imposing duration constraints on user-role assignments/activations and permission-role assignments
[Figure: FSM of the policy with states 0000, 1000, 0010, 1100, 1010, 0011, 1110 and 1011; transitions are labelled AS11, AS21, DS11, DS21, AC11, AC21, DC11 and DC21.]
Two users, one role. Only one user can activate the role.
Number of states ≤ 32.
AS: assign. DS: deassign. AC: activate. DC: deactivate.
Xij: do X for user i role j.
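The machine described above can be enumerated mechanically. The following is an added example, not taken from the original slides: it assumes the state bits are ordered (u1 assigned, u1 active, u2 assigned, u2 active), that deassignment also deactivates, and that a denied request leaves the state unchanged; the function names are hypothetical. Beyond the figure, it also records the shortest input sequence that reaches each state.

```python
from collections import deque
from itertools import product

USERS = (1, 2)                      # two users, one role (r1)
OPS = ("AS", "DS", "AC", "DC")      # assign, deassign, activate, deactivate
MAX_ACTIVE = 1                      # only one user may have the role active

def step(state, op, user):
    """Apply input `op` for `user`; a denied request leaves the state unchanged."""
    bits = list(state)
    a, c = 2 * (user - 1), 2 * (user - 1) + 1   # assigned bit, active bit
    active_now = sum(bits[1::2])                # users currently active in r1
    if op == "AS":
        bits[a] = 1
    elif op == "DS":
        bits[a] = bits[c] = 0       # assumption: deassignment also deactivates
    elif op == "AC" and bits[a] and not bits[c] and active_now < MAX_ACTIVE:
        bits[c] = 1                 # needs assignment and a free activation slot
    elif op == "DC":
        bits[c] = 0
    return tuple(bits)

def build_fsm(start=(0, 0, 0, 0)):
    """BFS from `start`: returns ({state: shortest reaching sequence}, edges)."""
    reach, edges, queue = {start: []}, {}, deque([start])
    while queue:
        s = queue.popleft()
        for op, u in product(OPS, USERS):
            label = f"{op}{u}1"     # Xij with i = user, j = role 1
            nxt = step(s, op, u)
            edges[(s, label)] = nxt
            if nxt not in reach:
                reach[nxt] = reach[s] + [label]
                queue.append(nxt)
    return reach, edges

def name(state):
    """Render a state tuple in the slide's bit-string form, e.g. 1010."""
    return "".join(map(str, state))

if __name__ == "__main__":
    reach, edges = build_fsm()
    for s, seq in sorted(reach.items(), key=lambda kv: len(kv[1])):
        print(name(s), " ".join(seq) or "(initial)")
    changing = sum(1 for (s, _), n in edges.items() if s != n)
    print(len(reach), "states,", changing, "state-changing transitions")
```

State 1111 never appears because the activation constraint denies the second AC request, which is the behaviour a conformance test of the constraint has to exercise.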
H1: Separate assignment and activation
H2: Use FSM for activation and single test sequence for assignment
H3: Use single test sequence for assignment and activation
H4: Use a separate FSM for each user
H5: Use a separate FSM for each role
H6: Create user groups for FSM modeling.
[Figure: Heuristic 1: Assignment Machine and Activation Machine. Heuristic 4: User u1 Machine and User u2 Machine. Each machine has states 00, 10 and 11 (the Activation Machine also 01), with transitions labelled AS, DS, AC and DC for users 1 and 2.]
where
[Figure: timed automaton for (u1, r1) with locations L0, L1 and L2. Transitions: ?AS(u1,r1,t1) with x1:=0; ?AC(u1,r1,t2) with x2:=0; !DS(u1,r1) when x1=t1; !DC(u1,r1) when x2=t2.]
L0: URassign(u1,r1)=0, URactive(u1,r1)=0
L1: URassign(u1,r1)=1, URactive(u1,r1)=0
L2: URassign(u1,r1)=1, URactive(u1,r1)=1
[Figure: timed automaton for (u1, r1) with t1=4 and t2=2 (locations L0, L1 and L2, with clock constraints over x1 and x2) and the corresponding seFSA with states q0 to q6. The seFSA transitions use Set(x1,4), Set(x2,2), Exp(x1,4) and Exp(x2,2) together with ?AS(u1,r1), ?AC(u1,r1), !DS(u1,r1) and !DC(u1,r1).]
[Figure: test architecture. Labels: Test System, TestController, ClockHandler, Set(c,k), Exp(c,k), input, output, State query, State info, ACUT.]
TRBAC FM correlated with TIOA FM correlated with seFSA FM
Backup Slides
[Figure: transfer faults on the AS11, AS21 and DS21 transitions between states 0000 and 0010. Labels: f1: UR1 fault; UR1 and UR2 faults.]
Relation between FSM and RBAC Fault Model
[Figure: FSM(P) with states 0000, 1000, 0010, 1100, 1010, 0011, 1110 and 1011, and the H4 machines Mu1 and Mu2 with states 00, 10 and 11; transitions t1 to t10 are marked on both.]