
A Model-Based Framework for Security Policy Specification, Deployment and Testing

Abstract

In this paper, we propose a model-driven approach for specifying, deploying and testing security policies in Java applications. First, a security policy is specified independently of the underlying access control language (OrBAC, RBAC). It is based on a generic security meta-model which can be used for early consistency checks in the security policy. This model is then automatically transformed into a security policy for the XACML platform and integrated in the application using aspect-oriented programming. To qualify test cases that validate the security policy in the application, we inject faults into the policy. The fault model and the fault injection process are defined at the meta-model level, making the qualification process language-independent. Empirical results on 3 case studies explore both the feasibility of the approach and the efficiency of a full design & test MDE process.

Category

Academic chapter/article/Conference paper

Language

English

Author(s)

  • Franck Fleurey

Affiliation

  • SINTEF Digital / Sustainable Communication Technologies

Year

2008

Publisher

Springer

Book

Model Driven Engineering Languages and Systems. 11th International Conference, MoDELS 2008, Toulouse, France, September 28 - October 3, 2008. Proceedings

Issue

5301

ISBN

9783540878742

Page(s)

537 - 552
