Systematic Testing and Verification of Security Policies
Speakers: Tao Xie
Topic(s): Security & Information Protection,Software Engineering
Access control is one of the most fundamental and widely used privacy and security mechanisms at both application and network levels. Given the high importance and delicacy of security policies, ensuring the correctness of security policies is important, and yet difficult. A tiny error in security policies could lead to irreparable, if not tragic, consequences. Therefore, identifying discrepancies between policy specifications and their intended function is a crucial task. To achieve this goal, security policies must undergo systematic, rigorous testing and verification to ensure that they truly represent the intention of their policy authors. In this talk, the speaker presents state-of-the-art research work on new techniques and tools for systematic testing and verification of security policies. Example security policies include firewall policies and access control policies such as those written in XACML. Example systematic testing techniques include techniques for coverage criteria, test generation, and test oracles. Example systematic verification techniques include techniques for property specification, property inference, and policy verification.
About this Lecture
Number of Slides: 50
Duration: 60 minutes
Languages Available: English
Last Updated: 03-04-2011
Request this Lecture
To request this particular lecture, please complete this online form.
Request a Tour
To request a tour with this speaker, please complete this online form.
All requests will be sent to ACM headquarters for review.