Test Generation for Network Security Rules

  • Vianney Darmaillacq
  • Jean-Claude Fernandez
  • Roland Groz
  • Laurent Mounier
  • Jean-Luc Richier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3964)


Checking that a security policy has been correctly deployed over a network is a key issue for system administrators. Since policies are usually expressed by rules, we propose a method to derive tests from a set of rules with a single modality. For each element of our language and each type of rule, we propose a test pattern, which we call a tile. We then combine those tiles into a test for the whole rule.


Keywords: Test Generation; Security Policy; Network Security; Label Transition System; Execution Sequence
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Vianney Darmaillacq (1)
  • Jean-Claude Fernandez (2)
  • Roland Groz (1)
  • Laurent Mounier (2)
  • Jean-Luc Richier (1)

  1. Laboratoire LSR-IMAG, St Martin d’Hères, France
  2. Laboratoire Vérimag, Centre Equation, Gières, France
