Title :
A Security Assurance Framework Combining Formal Verification and Security Functional Testing
Author :
Wang, Weiguang ; Zeng, Qingkai ; Mathur, Aditya P.
Author_Institution :
State Key Lab. for Novel Software Technol., Nanjing Univ., Nanjing, China
Abstract :
Formal specification is usually employed to avoid ambiguity of security requirements. However, it is hard to assure correctness of this formal model and its conformance with security implementation. In this paper, a framework combining formal verification and security functional testing is proposed to support the correctness and conformance check procedure. Formal requirements are verified following integrated steps and formulae. Verified specification is used as the basis for security functional test and a test criterion called strict schema coverage is developed to derive tests. The framework is supported by Z specification Based Security Assurance Toolkit (ZBSAT). Empirical results on Chinese Wall Model (CWM) policy and its implementation demonstrate its feasibility. In addition, comparison results of mutation test explore the efficiency of this test approach.
Keywords :
conformance testing; formal verification; program testing; security of data; CWM policy; Chinese wall model policy; Z specification Based Security Assurance Toolkit; ZBSAT; conformance check procedure; formal model; formal requirements; formal specification; formal verification; security assurance framework; security functional testing; security requirements; strict schema coverage; test criterion; Abstracts; Analytical models; Computational modeling; Manuals; Security; Software; Testing; Formal verification; Security functional testing; Software security;
Conference_Titel :
Quality Software (QSIC), 2012 12th International Conference on
Conference_Location :
Xi´an, Shaanxi
Print_ISBN :
978-1-4673-2857-9
DOI :
10.1109/QSIC.2012.34
