
Verification and Testing of Security Policies

JeeHyun Hwang, North Carolina State University. Verification and Testing of Security Policies. Background. Security policies are a widely used mechanism to protect systems and networks (e.g., access control and firewall policies). Access Control Policy Evaluation.


Presentation Transcript


  1. Verification and Testing of Security Policies. JeeHyun Hwang, North Carolina State University

  2. Background
     • Security policies are a widely used mechanism to protect systems and networks (e.g., access control and firewall policies)

  3. Access Control Policy Evaluation
     • Access control mechanisms control which subjects (such as users or processes) have access to which resources.
     [Figure labels: Policy, Request, Response (Permit, Deny, or Not-applicable)]

  4. Problems
     • Factors for misconfiguration
        • Conflicts among rules, rule-set complexity, mistakes in handling corner cases, constraints, etc.
     • Our goal is to improve the quality of security policies
        • Modeling, Implementation, Verification, Testing
     • Firewall Policies (SRDS 08, 09)
        • Structural coverage criteria, test generation techniques, fault localization
     • Access Control Policies written in XACML (SSIRI 08, DBSec 09, Policy demo 10)
        • ACPT (Access Control Policy Tool), test generation techniques to detect potential problems in policies
     • Policies in Code (In Progress)

  5. ACPT (Access Control Policy Tool)
     • Collaborate with Dr. Vincent Hu (NIST)
     • Support correct policy modelling
     • Ensure the correct behaviours of policies
        • Static verification: check whether properties are satisfied by a policy
        • Dynamic verification (i.e., testing): evaluate requests and check whether their evaluated decisions are correct

  6. ACPT Features
     ACPT is a tool for composing access control models (such as Rule Based and Multi-Level policy models)
     • Helps specify policies, rules and properties through model templates
     • Supports various policy combining algorithms (e.g., first-applicable or permit-overrides)
     • Generates an enforceable XACML policy

  7. ACPT Features (cont.)
     To ensure policy correctness, ACPT supports both static and dynamic verification of a policy
     • Verify policies against specified properties to detect violations using NuSMV [Cimatti et al. CAV 2002]
     • Generate test inputs for testing of policy implementation
        • Test inputs based on structural coverage [Martin et al. ICICS 2006]
        • Test inputs based on combinatorial coverage [Hu et al. IJSEKE 2010]

  8. ACPT Architecture [diagram; recoverable labels and captions]
     • Administrator; GUI: allows specification of users, groups, attributes, roles, rules, policies, and resources
     • Data Acquisition: API/mechanism to consume/acquire external data related to policies (user, attribute, resource, role, etc. data)
     • Policy Generator: AC model templates; generate enforceable policies (XACML, .xml)
     • Static Verification: verify access control policies
     • Dynamic Verification: generate and evaluate test inputs (test inputs based on structural or combinatorial coverage; test inputs with their evaluated decisions)

  9. Questions?

  10. Future Work
     • Improve ACPT with various features
        • Support various dynamic features in XACML
     • Extend our approach to security policies in code
        • Extract access control policies in code
        • Translate the policies into corresponding policies in XACML

  11. Policy Testing
     [Figure labels: Test Packets, Firewall, Actual Decisions, Expected Decisions]
     • Test Generation: generate test packets
     • Test Execution: evaluate the test packets against a firewall and capture their actual decisions
     • Test Results Evaluation: check if the decisions are consistent with our expected decisions
        • If decisions are not consistent, faults cannot be revealed

  12. ACPT Demo: Property specification in ACPT

  13. Static Verification: Verify the property against Policy A; the result returns false with a counterexample.

  14. Static Verification (cont.): Verify the property against Policy B; the result returns true.

  15. Test Input Generation and Evaluation

  16. XACML Generation
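
The property check from slides 13 and 14 and the combining algorithms from slide 6, as an added example that is not ACPT code and not from the original presentation. It checks a property by enumerating every request in a small attribute domain rather than by calling NuSMV; the attribute domain, the property and Policies A and B are constructed for illustration.

```python
from itertools import product

PERMIT, DENY, NA = "Permit", "Deny", "NotApplicable"
# Constructed attribute domains (assumption, not from the slides).
DOMAIN = {"role": ["faculty", "student"], "resource": ["grades", "syllabus"],
          "action": ["read", "write"]}

def matches(rule, req):
    """A rule applies when every attribute in its target equals the request's."""
    return all(req[k] == v for k, v in rule["target"].items())

def first_applicable(rules, req):
    """Decision of the first matching rule; NotApplicable if none matches."""
    return next((r["effect"] for r in rules if matches(r, req)), NA)

def permit_overrides(rules, req):
    """Any matching Permit wins; otherwise Deny if one matched, else NotApplicable."""
    effects = {r["effect"] for r in rules if matches(r, req)}
    return PERMIT if PERMIT in effects else DENY if DENY in effects else NA

def verify(rules, combine, prop):
    """Check prop on every request in DOMAIN; return (holds, counterexample)."""
    for values in product(*DOMAIN.values()):
        req = dict(zip(DOMAIN, values))
        if not prop(req, combine(rules, req)):
            return False, req
    return True, None

def students_never_write_grades(req, decision):
    """Constructed property: a student is never permitted to write grades."""
    is_target = (req["role"], req["resource"], req["action"]) == ("student", "grades", "write")
    return not (is_target and decision == PERMIT)

# Constructed Policy A: a broad Permit precedes the specific Deny (rule conflict).
POLICY_A = [
    {"target": {"resource": "grades", "action": "write"}, "effect": PERMIT},
    {"target": {"role": "student", "resource": "grades", "action": "write"}, "effect": DENY},
]
# Constructed Policy B: same rules with the specific Deny first.
POLICY_B = list(reversed(POLICY_A))

if __name__ == "__main__":
    for name, rules, alg in [("A", POLICY_A, first_applicable),
                             ("B", POLICY_B, first_applicable),
                             ("B", POLICY_B, permit_overrides)]:
        print(name, alg.__name__, verify(rules, alg, students_never_write_grades))
```

Policies A and B differ only in rule order, so the property fails for A and holds for B under first-applicable, while under permit-overrides it fails for both.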
