Conformance Testing of Temporal Role Based Access Control
Author
Ammar Masood, Arif Ghafoor, Aditya Mathur
Tech report number
CERIAS TR 2006-30
Abstract
Access control is a key security service at the foundation of information and system security. It has been extended with temporal constraints to support real-time considerations. Conformance testing of an access control implementation is crucial to ensure that it correctly enforces any required temporal and
non-temporal policies for access control. We propose an approach for conformance testing of implementations
required to enforce access control policies specified using Temporal Role Based Access Control (TRBAC) model. The proposed approach uses Timed Input Output Automata (TIOA) to model the behavior specified by a TRBAC policy. The TIOA model is then transformed to a deterministic se-FSA model that captures any temporal constraint by using two special events Set and Exp. Finally we adapt the W-method and use an integer programming based approach to construct a conformance test suite
from the transformed model. The conformance test suite so generated provides complete fault coverage
with respect to the proposed fault model for TRBAC specifications.
Institution
Purdue University, West Lafayette IN
Publication Date
2001-01-01