How to use testing techniques for security validation

Ana Rosa Cavalli (TELECOM & Management SudParis, France)

Testing techniques are used to check whether a given system implementation satisfies its specification or some predefined properties. These techniques can be active, based on executing specific test sequences against the implementation under test, or passive, based on observing the messages (input and output events) exchanged by the implementation under test at run time. In recent years, important research initiatives have applied testing techniques to checking security properties, in particular to checking the correctness of security policy implementations and to defining intrusion detection techniques. In this talk, we will present some of these approaches and their application to real case studies, as well as some ideas on how to specify security policies.

