Systematic Testing and Verification of Security Policies

Speaker:  Tao Xie – Raleigh, IL, United States
Topic(s):  Security and Privacy

Abstract

Access control is one of the most fundamental and widely used privacy and security mechanisms at both application and network levels. Given the high importance and delicacy of security policies, ensuring the correctness of security policies is important, and yet difficult. A tiny error in security policies could lead to irreparable, if not tragic, consequences. Therefore, identifying discrepancies between policy specifications and their intended function is a crucial task. To achieve this goal, security policies must undergo systematic, rigorous testing and verification to ensure that they truly represent the intention of their policy authors. In this talk, the speaker presents state-of-the-art research work on new techniques and tools for systematic testing and verification of security policies. Example security policies include firewall policies and access control policies such as those written in XACML. Example systematic testing techniques include techniques for coverage criteria, test generation, and test oracles. Example systematic verification techniques include techniques for property specification, property inference, and policy verification.

About this Lecture

Number of Slides:  50
Duration:  60 minutes
Languages Available:  English
Last Updated: 

Request this Lecture

To request this particular lecture, please complete this online form.

Request a Tour

To request a tour with this speaker, please complete this online form.

All requests will be sent to ACM headquarters for review.