A Formal Equivalence Classes Based Method for Security Policy Conformance Checking

  • Eckehard Hermann
  • Udo Litschauer
  • Jürgen Fuß
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7465)


Different security policy models have been developed and published in the past. Proven security policy models, if correctly implemented, guarantee the protection of data objects from unauthorized access or usage, or prevent illegal information flow. To verify that a security policy model has been correctly implemented, it is important to define and execute an exhaustive list of test cases that verify that the formal security policy has been neither over-constrained nor under-constrained. In this paper we present a method for defining an exhaustive list of test cases, based on formally described equivalence classes that are derived from the formal security policy description.


Keywords: security models, test generation, access control, conformance testing



Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Eckehard Hermann (1)
  • Udo Litschauer (1)
  • Jürgen Fuß (1)
  1. Department of Secure Information Systems, University of Applied Sciences Upper Austria, Austria
