Nowadays, security policies are a key element of every modern infrastructure. The specification and testing of such policies are fundamental steps in the development of a secure system. To address both challenges, we propose a framework that automatically generates test sequences to validate the conformance of a system to its security policy. The functional behavior of the system is specified using a formal description technique based on Extended Finite-State Machines (EFSMs), while security requirements are specified using XACML. We develop specific algorithms to integrate the security rules into the functional system specification. In this way, we obtain a complete specification of the secured system. Then, automatic test generation is performed using a dedicated tool called TestGen-IF, which was developed in our laboratory. This generation uses the security properties as test objectives. Finally, a case study is presented to demonstrate the reliability of our framework.