Skip to Main Content
We propose an approach to generate and execute tests of the conformance of a system to a given security policy. The method is rule-based: it generates test cases directly from a security policy expressed as a set of security requirements, using two relations: one between predicates appearing in the rules and elementary test cases, called tiles, used to test predicates in the system, and another one between logical operators and test case combinators. The proposed method is semi-automatic, and takes into account all the steps necessary to execute the test cases, from the formalization of security requirements to the execution of test cases on a real system. We describe the implementation of the method we developed and a first series of experiments taking advantage of this implementation.
Date of Conference: 9-11 April 2008