MSyNC Seminar Series http://www.ece.stevens-tech.edu/~msync
| Title: | Security Functional Testing Using Model-Based Test Automation Approach |
| Speaker: | Chandramouli Ramaswamy |
| Affiliation: | Computer Security Division, National Institute of Standards and Technology (NIST) |
| Date: | October 16th, 2002, 3:30-4:30 p.m. |
| Venue: | Burchard 213 |
| Abstract: | Independent security functional testing on a product occupies a back seat in traditional security evaluation because of the cost and stringent coverage requirements. Based on a framework called TAF (Test Automation Framework), we have developed a toolkit (called TAF-SFT) to automate many aspects of security functional testing. The TAF-SFT toolkit uses text-based specifications of security functions provided by the product vendor and the requirements of the underlying security model to develop a machine-readable specification of security functions using the SCR (Software Cost Reduction) formal language. The resultant behavioral specification model is then processed through the TAF-SFT toolkit to generate test vectors. The behavioral model and the test vectors are then combined with product interface specifications to automatically generate test drivers (test execution code). We illustrate the application of the TAF-SFT toolkit for security functional testing of a commercial DBMS product. We also discuss the advantages and disadvantages of using the TAF-SFT toolkit for security functional testing and the scenarios under which the impact of the disadvantages can be minimized. |
| Dr. Ramaswamy Chandramouli is a computer scientist in the Computer Security Division of the Information Technology Laboratory at the National Institute of Standards & Technology (NIST), Gaithersburg, MD, USA. Mouli (as he is known to his colleagues over the years) served for 12 years in several commercial and federal government agencies designing, developing and implementing information systems for various sectors like Banking, Manufacturing and Healthcare. He joined NIST in 1997. Dr. Mouli's recent research focus has been in the area of role-based access control models, security architectures, security testing and criteria-based security specifications. He has over 12 conference and journal publications in the area of computer security and is the co-author of an upcoming book on "Role-based Access Control Models and their applications". Dr. Mouli holds an M.S. in Operations Research from the University of Texas at Dallas and a Ph.D. in Information Technology from George Mason University, Fairfax, VA. Dr. Mouli's other interests include playing tennis for the NIST tennis team, which this year won the Federal Inter-Agency Tennis Championship. | |
| Host: | Prof. R. Chandramouli |