Security policy testing using vulnerability exploit chaining

Security policy testing using vulnerability exploit chaining

Security policy validation based on conformance testing is a promising approach, but it lacks both of a fault model and of better test selection procedures. Penetration testing approaches rely on a fault model based on the exploitation of sequences of vulnerabilities. This document proposes a method...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Darmaillacq, V.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Authorization
Concrete
Educational institutions
Explosions
Gain control
Genetic mutations
Security
Software testing
System testing
Web services
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Security policy validation based on conformance testing is a promising approach, but it lacks both of a fault model and of better test selection procedures. Penetration testing approaches rely on a fault model based on the exploitation of sequences of vulnerabilities. This document proposes a method to generate test purposes to validate the conformance of a system to a security policy using a fault model inspired from penetration testing.
DOI:10.1109/ICSTW.2008.37