A Scenario-Based Test Case Generation Framework for Security Policies

摘要

Security policy system is critical to the security sensitive implementation systems. To increase confidence in the correctness of the security policies, policy developers can conduct policy testing to ensure security policies are correctly implemented in these systems. In this paper we present a novel framework for security policy testing. The framework takes the security policy as a support for the secure operation of the functional systems and seizes the dynamic characteristic of the security policies which change with the refinement of functional systems. The testing framework is model based and includes three parts. They are security policy integration; refinement based testing scenario acquisition and risk-based testing organization. The framework covers all elements for the model-based testing and provides a comprehensive solution for the security policy testing.