• DocumentCode
    2165240
  • Title

    Security policy testing using vulnerability exploit chaining

  • Author

    Darmaillacq, Vianney

  • Author_Institution
    Univ. of Grenoble, Grenoble
  • fYear
    2008
  • fDate
    9-11 April 2008
  • Firstpage
    260
  • Lastpage
    261
  • Abstract
    Security policy validation based on conformance testing is a promising approach, but it lacks both of a fault model and of better test selection procedures. Penetration testing approaches rely on a fault model based on the exploitation of sequences of vulnerabilities. This document proposes a method to generate test purposes to validate the conformance of a system to a security policy using a fault model inspired from penetration testing.
  • Keywords
    program testing; program verification; security of data; conformance testing; security policy testing; security policy validation; Authorization; Concrete; Educational institutions; Explosions; Gain control; Genetic mutations; Security; Software testing; System testing; Web services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Testing Verification and Validation Workshop, 2008. ICSTW '08. IEEE International Conference on
  • Conference_Location
    Lillehammer
  • Print_ISBN
    978-0-7695-3388-9
  • Type

    conf

  • DOI
    10.1109/ICSTW.2008.37
  • Filename
    4567017
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2165240