Publication


Featured research published by Wissam Mallouli.


symposium on access control models and technologies | 2007

A formal approach for testing security rules

Wissam Mallouli; Jean-Marie Orset; Ana R. Cavalli; Nora Cuppens; Frédéric Cuppens

Nowadays, security policies are the key point of every modern infrastructure. The specification and the testing of such policies are the fundamental steps in the development of a secure system since any error in a set of rules is likely to harm the global security. To address both challenges, we propose a framework to specify security policies and test their implementation on a system. Our framework makes it possible to automatically generate test sequences in order to validate the conformance of a security policy. The system behavior is specified using a formal description technique based on extended finite state machine (EFSM) [12]. The integration of security rules within the system specification is performed by specific algorithms. Then, the automatic test generation is performed using a dedicated tool, called SIRIUS, developed in our laboratory. Finally, we briefly present a weblog system as a case study to demonstrate the reliability of our framework.


global communications conference | 2008

Security Rules Specification and Analysis Based on Passive Testing

Wissam Mallouli; Fayçal Bessayah; Ana R. Cavalli; Azzedine Benameur

Security is a critical issue in dynamic and open distributed environments such as network-based services or wireless networks. To ensure that a certain level of security is maintained in such environments, the system behavior has to be restrained by a security policy in order to regulate the nature and the context of actions that can be performed within the system, according to specific roles. In this paper, we propose a passive testing approach that makes it possible to check whether a system respects its security policy. To reach this goal, we specify this policy using the Nomad formal language, which is based on deontic and temporal logics. This language is well adapted to passive testing methods that aim to analyze collected system execution traces in order to give a verdict about their conformity with the system security requirements. Finally, we apply our methodology to an industrial case study provided by SAP group to demonstrate its reliability.


high-assurance systems engineering | 2007

Testing Security Rules with Decomposable Activities

Wissam Mallouli; Ana R. Cavalli

Checking that a security policy has been correctly deployed over a network is a key issue for system administrators. Specification and testing of such policies constitute fundamental steps in the development of a secure system. To address both challenges, we propose a framework to describe how modalities such as permissions, prohibitions and obligations -involving decomposable activities- can be integrated in a functional EFSM specification of a system to obtain a new specification of the system that takes into account the security policy. Then, we propose a method to automatically derive test sequences to test the implementation, using a dedicated tool developed in our laboratory. Finally, we apply our framework to a Weblog system case study to demonstrate its reliability.


Lecture Notes in Computer Science | 2006

Application of two test generation tools to an industrial case study

Ana R. Cavalli; Stephane Maag; Wissam Mallouli; Mikael Marche; Yves-Marie Quemener

Many tools for test generation already exist and are used in industry; others are under development or improvement to allow faster generation and more effective tests. Comparing testing tools permits to acquire in-depth knowledge of the characteristics of each tool and to discover its strong points and limitations. Thus, the analysis of different automatic test generation tools provides a precise idea on the appropriate tool to be used to attain the expected results. This paper describes the application of two test generation tools to an industrial case study: a reverse directory telephone service similar to deployed services of this category developed by France Telecom. The tools used, for the automatic test generation, are a commercial tool TestComposer and SIRIUS, a tool developed by INT team. France Telecom R&D division provided the test campaign designed manually by a France Telecom service expert used to define the test objectives. The goal of this paper is to present the experimental results of tools application, to compare their performances and analyze some issues related to test execution.


mobile data management | 2006

Light Client Management Protocol for Wireless Mesh Networks

Bachar Wehbi; Wissam Mallouli; Ana R. Cavalli

The future of wireless networks evolves toward simpler ways for users to get connected while on the move. In this perspective, Wireless Mesh Networks constitute one of the key technologies for next generation wireless networks. In this paper we present LCMP, a new protocol for client management in wireless mesh networks. LCMP performs on-demand path setup for clients and supports client mobility by introducing new light mechanisms that take full advantage of the mesh architecture. The work on LCMP and mesh routing is still in progress at LOMNT laboratory. In this paper, we highlight some ongoing work.


ad hoc mobile and wireless networks | 2008

Distributed Monitoring in Ad Hoc Networks: Conformance and Security Checking

Wissam Mallouli; Bachar Wehbi; Ana R. Cavalli

Ad hoc networks are more exposed than traditional networks to security threats due to their mobility and open architecture aspects. In addition, any dysfunction due to badly configured nodes can severely affect the network as all nodes participate in the routing task. For these reasons, it is important to check the validity of ad hoc protocols, to verify whether the running implementation conforms to its specification and to detect security flaws in the network. In this paper, we propose a formal methodology to collect and analyze the network traffic trace. Observers running on a set of nodes collect local traces and send them later to a global observer that correlates them into a global trace thanks to an adapted time synchronization mechanism running in the network. The global trace is then analyzed to study the conformance and the security of the running routing protocol. This analysis is performed using dedicated algorithms that check the collected trace against a set of functional and security properties specified in an adapted formal language.


international conference on software testing, verification and validation workshops | 2010

Practical Experience Gained from Passive Testing of Web Based Systems

Alessandra Bagnato; Fabio Raiteri; Wissam Mallouli; Bachar Wehbi

In recent years Web-based systems have become extremely popular and, nowadays, they are used in critical environments such as financial, medical, and military systems. As the use of Web applications for security-critical services has increased, the number and sophistication of attacks against these applications have grown as well. For this reason it is essential to be able to prove that the target Web-based system implements its designed security requirements avoiding known vulnerabilities in HTTP-based solutions. To reach this aim, we can rely on several testing techniques and mainly on security passive testing approach that is becoming increasingly important to security-relevant aspects into web based software systems. This article describes the application of the TestInv-P passive testing tool as part of the testing phase of TXT e-tourism Web application. TestInv-P is a passive testing tool that monitors communication traces of an application during run-time and verifies whether it satisfies certain security-related invariants derived from SHIELDS models.


signal-image technology and internet-based systems | 2008

Modeling and Testing Secure Web-Based Systems: Application to an Industrial Case Study

Wissam Mallouli; Mounir Lallali; Gerardo Morales; Ana R. Cavalli

Ensuring that a Web-based system respects its security requirements is a critical issue that has become more and more difficult to perform in these last years. This difficulty is due to the complexity level of such systems as well as their variety and increasing distribution. To guarantee such a respect, we need to test the target Web system by applying a complete set of test cases covering all the possible scenarios. To reach this aim, we first specify the Web system behavior from its functional point of view using IF language. Second, this model is augmented by applying a set of dedicated algorithms to integrate timed security properties specified in Nomad language. This language is well adapted to express security properties with time constraints. Then, we use a dedicated tool called TestGen-IF, to perform an automatic test generation of test cases targeting security purposes. These test sequences are transformed in executable test cases that can be applied on a real Web application. We present in this paper an industrial Web-based system provided by France Telecom as a case study to demonstrate the reliability of our framework.


distributed simulation and real-time applications | 2008

Modeling System Security Rules with Time Constraints Using Timed Extended Finite State Machines

Wissam Mallouli; Amel Mammar; Ana R. Cavalli

Security and reliability are of paramount importance in designing and building real-time systems because any security failure can put the public and the environment at risk. In this paper, we propose a framework to take timed security requirements into account from the design stage of the system building. Our approach consists of two main steps. First, the system behavior is specified based on its functional requirements using TEFSM (Timed Extended Finite State Machine) formalism. Second, this model is augmented by applying a set of dedicated algorithms to integrate timed security properties specified in Nomad language. Nomad is a formal language well adapted to express timed security properties with timed constraints. We also briefly present a France Telecom Travel system as a case study to demonstrate the reliability of our framework.


international conference on software testing verification and validation | 2008

Testing Security Policies for Web Applications

Wissam Mallouli; Gerardo Morales; Ana R. Cavalli

Due to the increasing complexity of Web systems, security testing is becoming a critical activity to guarantee the respect of such systems to their security requirements. To challenge this issue, we rely in this paper on model based active testing. We first specify the Web system behavior using IF formalism. Second, we integrate security rules -modeled in Nomad language- within this IF model using specific algorithms. Then, we perform automatic test generation using a dedicated tool, called HJ2If, developed in our laboratory. Finally, we briefly present a Travel agency system as an ongoing case study to demonstrate the reliability of our framework.

Collaboration

Top Co-Authors

Ana R. Cavalli

Centre national de la recherche scientifique
