Abstract
This paper is a contribution to the problem of getting confident in the fact that an implementation correctly meets a security policy assigned to it. To do so, we compute tests that exercise security properties issued from the security policy. We proceed by model based testing. Classically, we use a functional model that formalizes the functional specification. But we also use a second model, in the shape of security properties, that formalize a part of the security policy. Tests are computed from the security properties, with the formal functional model as an oracle.We first formalize the informal security requirements as regular expressions. Then we introduce mutations in the regular expressions as to reflect the specific situations in which we intend to test the security properties. These mutated regular expression are unfolded into abstract test sequences.We present a set of four mutation rules that apply to a class of properties that we call sequencing properties, and we experiment our method on a standard in the smart card domain named IAS, for Identification, Authentication and electronic Signature.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
