Cristin-resultat-ID: 1274924
Sist endret: 24. september 2015, 22:30
Resultat
Vitenskapelig foredrag
2008

A Model-Based Framework for Security Policies Specification, Deployment and Testing

Bidragsytere:
  • Franck Fleurey

Presentasjon

Navn på arrangementet: MoDELS/UML 2008 conference
Sted: Toulouse
Dato fra: 28. september 2008
Dato til: 3. oktober 2008

Arrangør:

Arrangørnavn: http://www.irit.fr/models/

Om resultatet

Vitenskapelig foredrag
Publiseringsår: 2008

Importkilder

SINTEF AS-ID: S9769

Beskrivelse Beskrivelse

Tittel

A Model-Based Framework for Security Policies Specification, Deployment and Testing

Sammendrag

In this paper, we propose a model-driven approach for specifying, deploying and testing security policies in Java applications. First, a security policy is specified independently of the underlying access control language (OrBAC, RBAC). It is based on a generic security meta-model which can be used for early consistency checks in the security policy. This model is then automatically transformed into security policy for the XACML platform and integrated in the application using aspect-oriented programming. To qualify test cases that validate the security policy in the application, we inject faults into the policy. The fault model and the fault injection process are defined at the meta-model level, making the qualification process language-independent. Empirical results on 3 case studies explore both the feasibility of the approach and the efficiency of a full design & test MDE process.

Bidragsytere

Franck Fleurey

  • Tilknyttet:
    Forfatter
    ved Software and Service Innovation ved SINTEF AS
1 - 1 av 1