TAROT2013 Testing School - Antonia Bertolino presentation
TAROT 2013 9th International Summer School on Training And Research On Testing, Volterra, Italy, 9-13 July, 2013

These slides summarize Paolo Tonella's presentation about "Academic developments in search based testing for the Future Internet."

Transcript

  • 1. 11-07-2013. 9th International Summer School on Training And Research On Testing, 9-13 July, 2013 - Volterra, Italy. Theme 3: Security Testing. XML-based approaches for security testing. Antonia Bertolino, ISTI-CNR, antonia.bertolino@isti.cnr.it. SOFTWARE ENGINEERING AND DEPENDABLE COMPUTING LABORATORY, ISTITUTO DI SCIENZA E TECNOLOGIE DELL'INFORMAZIONE “A. FAEDO”
    Acknowledgements
      All presented approaches and tools are the result of research work in collaboration with Said Daoudagh, Francesca Lonetti, Eda Marchetti (plus, concerning TAXI, Cesare Bartolini, JingHua Gao and Andrea Polini, and, concerning Polpa testing, Fabio Martinelli and Paolo Mori), and have been partially developed within the European Projects TAS3 (completed) and NESSOS (ongoing).
  • 2. Agenda
      - Introduction to: security mechanisms and access control systems; security testing; XACML
      - XML-based testing and TAXI tool
      - XACML combinatorial testing and X-CREATE tool
      - XACML mutations and XACMUT tool
      - Usage-control systems and testing of Polpa
      - Conclusions and hints for further research
    Software is everywhere
      - Software is routinely used in many disparate aspects of everyday life.
      - More and more, the different software-intensive devices that we use communicate among themselves.
      - In many cases software applications are critical, either money-wise or health-wise.
      - The evident consequence is that malfunctions of software heavily impact our wellness and welfare.
  • 3. Software malfunctions can be very different
      - Your web browser crashes while you are reading news: this is annoying.
      - Your web mail account is stolen: this could be serious.
      - The computerized device releases a radiation overdose (*): this is very serious.
      (*) Leveson, N.G.; Turner, C.S., "An investigation of the Therac-25 accidents," Computer, vol. 26, no. 7, pp. 18-41, July 1993.
    Software puts us at risk
      Two somehow contrasting wishes:
      - Being connected everytime and everywhere
      - Preserving our own privacy and data integrity
      However, for business and society connectivity is no longer an option. The point is to balance potential risks with benefits. Networks must be enabled to support security services that provide adequate protection to users and companies in a relatively open environment.
  • 4. Rising vulnerability of evolving technology (Catherine Paquet, Network Security Concepts and Policies, Cisco Press, 2013)
    Three related sw quality concerns
      - Dependability
      - Safety
      - Security
  • 5. Definitions (Avizienis, A.; Laprie, J.-C.; Randell, B.; Landwehr, C., "Basic concepts and taxonomy of dependable and secure computing", IEEE Trans. Dependable and Secure Computing, 1 (1), pp. 11-33, Jan.-March 2004)
      - the ability to deliver service that can justifiably be trusted
  • 6. Definitions (Avizienis, A.; Laprie, J.-C.; Randell, B.; Landwehr, C., "Basic concepts and taxonomy of dependable and secure computing", IEEE Trans. Dependable and Secure Computing, 1 (1), pp. 11-33, Jan.-March 2004)
      - the absence of catastrophic consequences on the user(s) and the environment
      - the absence of unauthorized access to, or handling of, system state
  • 7. Composite definition of security (Avizienis, A.; Laprie, J.-C.; Randell, B.; Landwehr, C., "Basic concepts and taxonomy of dependable and secure computing", IEEE Trans. Dependable and Secure Computing, 1 (1), pp. 11-33, Jan.-March 2004)
    Security engineering
      - Systems engineering must be unified with security engineering:
          - Currently (*) security modeling remains largely independent of system models.
          - Typically, system requirements and design are done first, and security is added as an afterthought.
      (*) Premkumar T. Devanbu and Stuart Stubblebine. Software engineering for security: a roadmap. In FOSE 2000 @ICSE '00. ACM, 227-239.
  • 8. Information Assurance: an overarching approach
      - Information must be protected throughout its lifetime, while at rest and while passing through different processing systems.
      - The strength of any system is no greater than its weakest link.
      - Each component of the information processing system must have its own protection mechanisms.
      - The building up, layering on and overlapping of security measures is called defense in depth: a design principle to ensure resilience against different forms of attack, and to reduce the probability of a single point of failure.
      (Figure: The Onion Model of Defense in Depth)
    Why ensuring security is difficult
      Security engineers (and especially testers) must take into account not only legitimate users and clients, but also potential (malicious) adversaries. Therefore, to design a secure system we should provide defenses against all plausible threats: a secure system does only what it is supposed to do and nothing else.
  • 9. Risk-oriented approach
      - Information Security is about minimizing risk to an acceptable level while maintaining the Confidentiality, Integrity, and Availability of the systems and data.
      - All systems have some level of risk.
      - A completely secure, zero risk, system is one that has zero functionality.
    Towards a Security-centered Development Process
      - A security development lifecycle (SDL) is a software development lifecycle placing special emphasis on security in each phase.
      - Several SDLs have been proposed, of which Microsoft SDL is the best established in industry.
  • 10. Security testing
      There exist many different types of security testing. For example, Microsoft SDL includes three practices:
      - Dynamic Analysis: performs run-time verification of software functionality using tools that monitor application behavior for memory corruption, user privilege issues, and other
      - Fuzz Testing: induces program failure by deliberately introducing malformed or random data to an application so as to reveal potential security issues prior to release
      - Attack Surface Review: reviews the attack surface before and after the installation of product(s) and displays the changes to key elements of the attack surface
    Scope of security testing
      Software security; Security software
      - testing security mechanisms to ensure that their functionality is properly implemented
      - performing risk-based security testing driven by understanding and simulating the attacker’s approach
      To keep in mind: “software security is not security software” (*). Security features such as cryptography, strong authentication, and access control play critical roles in software security; however, security itself is an emergent property of an entire system, not just its security mechanisms.
      (*) Gary McGraw and Bruce Potter. 2004. Software Security Testing. IEEE Security and Privacy 2, 5 (September 2004), 81-85.
  • 11. Approaches for testing “software security”
      Mostly negative testing, aiming at detecting whether the application does something it should not do. It includes:
      - Fuzzing, either random or systematic (e.g., model-based fuzz testing)
      - Vulnerability injection, e.g. SQL injection
      - Risk-based testing
      - Security test patterns (e.g., DIAMONDS project)
      - ….
    Scope of security testing (slide repeated, with one added note)
      It relies on expertise and knowledge of the system: requires that you think about your project and possible misuses or attack
  • 12. Scope of security testing (slide repeated)
    CIA
  • 13. CIA
    Data classification
      Assets (data, programs, resources, …) have different security levels, e.g.
      - Unclassified
      - Restricted
      - Confidential
      - ….
      Correspondingly, differing roles for people or applications are introduced, defining who can access what level, e.g.
      - Owner
      - Administrator
      - User
      - ….
  • 14. Access control
      - Once a system involves security-classified data, we need to ensure that only the intended people can access them and that these intended users are only given the level of access required to accomplish their tasks.
      - An access control system provides a decision (ok, ko) to an authorization request, typically based on predefined policies.
      (Figure labels: request, response, Access Control policy)
    Access control mechanisms
      - Identification
      - Authentication
      - Authorization
  • 15. Access control mechanisms: Identification
      The activity of a subject supplying information to identify itself to an authentication service. Examples: username, account number, ID card, …
    Access control mechanisms: Authentication
      A means to verify the authenticity of the identity declared during Identification. Three ways (of increasing cost):
      - What subject knows: passwords, PINs, passcodes, etc.
      - What subject has: covers keys, tokens, smartcards, etc.
      - What subject is: biometric data, e.g., fingerprints, voice recognition, etc.
      Authentication can be one-factor or two/three-factor (strong).
  • 16. Access control mechanisms: Authorization
      The process of assigning to authenticated subjects a set of permissions that defines what they can and cannot do. These permissions are generally defined by security policies.
    Defining security rules (or policies)
      A security policy is a specific statement of what is and is not allowed.
  • 17. Security policies
      From Wikipedia: Security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs and access to data by people.
      - Access control
      - Computer security policy
      - Environmental design
      - Information Protection Policy
      - Information security policy
      - National security policy, Military strategy
      - Network security policy
      - Virtual security policy
      - …
    The eXtensible Access Control Markup Language
      - XACML is the OASIS standard for specifying Access Control Policy.
      - The latest version is XACML 3.0, released in January 2013.
          - Before that, XACML 2.0 was released in Feb. 2005 (this is the version implemented in our tool).
          - XACML 1.0 had been released in Feb. 2003.
      - Organizations sponsoring OASIS and contributing to the XACML standard include: CA Technologies, Cisco Systems, Connectis, Dell, EMC, IBM, Microsoft, Oracle, Primeton Technologies, Inc., Red Hat, SailPoint Technologies, The Boeing Company, Veterans Health Administration, ViewDS, etc.
      www.oasis-open.org
  • 18. XACML
      - XACML is a general-purpose language for access control policies. It provides an XML-based syntax for managing access to resources.
      - XML is a natural choice as the basis for the common security-policy language, due to the ease with which its syntax and semantics can be extended and the widespread support that it enjoys from all the main platform and tool vendors.
      - It is generic (can be used by many different kinds of applications and platforms), distributed (a policy can refer to other sub-policies, and XACML knows how to correctly combine the results from these different policies into one decision) and powerful (supports a wide variety of data types, functions, and rules about combining the results of different policies).
    XACML languages
      - Policy Language: used to describe access control requirements. Who is allowed to do what?
      - Request/Response Language: the request is a query about permissions associated with x. The response is permit, deny, indeterminate, or not applicable.
  • 19. XACML architecture
      XACML also proposes a standard reference architecture.
      - Policy Enforcement Point (PEP): performs access control, by making decision requests and enforcing authorization decisions. Basically the entity that sends the XACML request to the Policy Decision Point (PDP) and receives an authorization decision.
  • 20. XACML architecture (continued)
      - Policy Decision Point (PDP): evaluates applicable policy and returns an authorization decision.
    XACML Flow
      - A Subject who wishes to access an Object (Resource) must do so through the PEP.
      - The PEP forms the XACML request and sends it to the PDP.
      - The PDP checks the request against the Policy and returns an XACML response. The relevant XACML policy needs to be selected and its rules evaluated.
      - The PEP either Permits or Denies access to the resource.
      Requests and responses are also specified in XACML.
      (Figure labels: Policy Enforcement Point (PEP), "Can I access Resource?", Policy Decision Point (PDP), Permit/Deny)
  • 21. XACML Structure
      The nice picture is taken from: Yoon Jae Kim, Access Control Service Oriented Architecture Security, on line at http://www.cs.wustl.edu/~jain/cse571-09/ftp/soa/
    XACML policy example

      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>

      (Callouts on the slide: Target, Rule1, Condition, Rule2)
  • 22. We need to verify the access control system
      - The XACML properties of interoperability, extensibility and distribution are paid for in terms of complexity and verbosity.
      - Policies can be deceiving and need to be carefully checked.
    Policy testing
      Provide test strategies for test suite generation, so as to simulate correct or improper usage of data and resources by execution of test suites.
      (Figure labels: Policies specification, Test suite 1, User1, Test suite 2, User2, Data, Resources)
  • 23. Testing Purpose: testing the policy specification
      (Figure labels: Test Suite, request, SUT, PDP, Policies, reply, Oracle, verdict)
    Testing Purpose: testing the policy implementation (PDP)
      (Figure labels: Test Suite, request, SUT, PDP, Policies, reply, Oracle, verdict)
  • 24. XACML testing
      Different types of approaches have been proposed, including:
      - Structural Coverage of XACML elements
      - Combinatorial (Targen, X-Create)
      - Category-partition (X-Create)
      - Change-impact based
      - Model-based
      - …..
    Targen
      - Targen (*) is a seminal tool on XACML testing that is the closest competitor to X-CREATE.
      - Targen applies a combinatorial approach on the attribute values: for each target included in the policy under test, it derives as many requests as there are possible combinations of values of the attributes found in the subject, resource, and action sections.
      (*) E. Martin and T. Xie, “Automated test generation for access control policies,” in Supplemental Proc. of ISSRE, November 2006.
  • 25. Our approach: X-CREATE (XaCml REquests derivAtion for TEsting)
      - The X-CREATE tool supports several different test derivation strategies based on a combinatorial approach.
      - It can be downloaded from our laboratory page at: http://labsewiki.isti.cnr.it/labsedc/tools/xcreate/public/main
      - Original idea: we exploit the XML nature of XACML and adapt our previous tool TAXI for XML test generation.
      … so, let’s now open a brief parenthesis about TAXI …
  • 26. TAXI
      - A tool for systematic document generation from XML Schema
      - It can be downloaded from our laboratory page at: http://labsewiki.isti.cnr.it/labsedc/tools/taxi/public/main
    The eXtensible Markup Language (XML)

      <?xml version="1.0" encoding="ISO-8859-1"?>
      <card>
        <name>John Doe</name>
        <title>CEO, Widget Inc.</title>
        <email>john.doe@widget.com</email>
        <phone>(202) 4561414</phone>
      </card>

      - The eXtensible Markup Language (XML) is a markup language that provides a standard format to store information and data.
      - XML documents are tree-structured documents in which data are formatted/organised using tags.
  • 27. XML & XML Schema
      - XML Schema provides a means for defining the structure and content of XML documents.
      - In the open networked world, XML Schema supports interoperability between independently developed applications.
      (Illustration labels: Chinese, Italian)
    Automatic XML-Based Testing and Benchmarking
  • 28. Automatic XML-Based Testing and Benchmarking
    Our systematic approach
      The approach has been largely inspired by the well-known semi-automated Category Partition methodology for systematic test generation …
      … or, you can think of it as grammar-based generation on the XSD syntax, although we have also introduced practical rules.
  • 29. Mapping CP to XPT

      CP (*)                          XPT
      Analyze Specifications      ->  Preprocessor
      Identify Functional Units   ->  Identify Sub-Schema Sets
      Partition Categories        ->  Identify Types
      Select Choices              ->  Partition Values and Structures
      Determine Constraints       ->  Determine “valid/invalid” constraints
      Generate Test Specification ->  Generate Intermediate Instances
      Generate Test Cases         ->  Generate Final Instances

      (*) Thomas J. Ostrand and Marc J. Balcer. The category-partition method for specifying and generating functional tests. Communications of ACM, 31(6), 1988.
    Identification of Sub-Schema Sets
      <choice> elements partition the XML Schema into distinct sets corresponding to the CP functional units.
      (Figure: an XML Schema with two <choice> elements, one over A and B and one over 1 and 2, is split by the preprocessor into four sub-schemas, each a <sequence>: A 1, A 2, B 1, B 2.)
  • 30. Intermediate Instances
      - Generate intermediate instances by combining the values of “minOccurs” and “maxOccurs”.
      - Apply the conventional Boundary Condition test approach to reduce the combinations.
      (Figure: a sub-schema with element A, minOccurs=0 maxOccurs=3, and element B, minOccurs=2 maxOccurs=4, yields four intermediate instances: A occurs=0, B occurs=2; A occurs=3, B occurs=2; A occurs=0, B occurs=4; A occurs=3, B occurs=4.)
    Potential Applications
      - For validating database management systems:
          - automatically generate valid XML instances for populating database
          - evaluate the performance and the quality of the associated management systems
      - For testing the inter-operability between applications and for enabling the correct interactions among the interfaces used by remote components in distributed systems:
          - automatic and controlled generation of valid and invalid instances enables the automated testing of I/O behavior
      - For verifying the proper communication protocols between web-services:
          - SOAP-based interaction between services exploiting the corresponding XML Schemas…
      - …
      Further Reading:
      - Bertolino, Antonia, Jinghua Gao, Eda Marchetti, and Andrea Polini. "Automatic test data generation for XML schema-based partition testing." In Proc. of the Second International ICSE Workshop on Automation of Software Test, p. 4. IEEE Computer Society, 2007.
      - Bartolini, Cesare, Antonia Bertolino, Eda Marchetti, and Andrea Polini. "WS-TAXI: A WSDL-based testing tool for web services." In Proc. ICST'09, pp. 326-335. IEEE, 2009.
  • 31. X-CREATE Testing Framework
      (Figure labels: Request structure, Policies specification, Instantiated Request)
      Implements several testing strategies:
      - Preliminary XPT (XML Partition Testing)
      - Incremental XPT
      - Simple Combinatorial
      - Multiple Combinatorial
      - Hierarchical Simple
      - Hierarchical Incremental
    Preliminary XPT
      Main idea, inspired by TAXI: derive (once and for all) a universally valid generic test suite of conforming requests by applying:
      - A variant of the Category Partition methodology
      - The Boundary Conditions methodology
      Each request in this generic test suite is a general structure of a valid XACML request instance.
      (Figure labels: XACML Context Schema, Request structure, Conforming test suite)
  • 32. XPT implementation
      The tool consists of three main components:
      - an intermediate-request generator, which is based on the XPT approach for intermediate instances (request structures) generation,
      - a policy analyzer, which selects the input values from the policy specification, and
      - a values manager, which distributes the input values to the request structures.
    A Sketch of the XACML Context Schema
  • 33. (XACML Context Schema sketch; occurrence annotations on the figure: × {1,...,k/2,...,k}, × {0,...,k/2,...,k}, × {1,...,k/2,...,k})
      1. Fix the unbounded occurrence bound to K
      2. Apply XPT strategy to the obtained scheme
    We thus automatically obtain a set of different Request Structures
      Example of request structure:

      <Request>
        <Subject> </Subject>
        <Subject> </Subject>
        <Resource> </Resource>
        <Action> </Action>
      </Request>
  • 34. 118098!!!!! Too Much!!!
      - 10 elements with unbounded occurrence and 1 having [0,1] cardinality -> 3^10 * 2^1 = 118098 request structures (still to be filled with values…)
      - We need to apply some approach to select those request structures that could maximize the fault detection capability.
      - Note: the full set of request structures needs to be derived once and for all. Only the selection of the subset is redone each time.
    Policy Under-Test Analyzer
      Take values from the policy under test for elements and attributes. Four value sets are defined:
      - SubjectSet
      - ResourceSet
      - ActionSet
      - EnvironmentSet
      For robustness and negative testing, random values for elements and attributes are added.
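The boundary-value counting behind the 118098 figure and behind the A/B intermediate-instance slide, as an added example (not TAXI or X-CREATE code). The element names, the cap `K = 4` and the schema tuples are constructed for illustration; `None` stands for an unbounded maxOccurs.

```python
"""Enumerate XPT-style request structures from occurrence bounds (added example)."""
from itertools import product
from math import prod

K = 4  # assumed constant that replaces an unbounded maxOccurs


def occurrence_values(min_occurs, max_occurs, k=K, midpoint=True):
    """Boundary values for one element: minimum, optionally k/2, maximum.

    max_occurs=None means 'unbounded' and is capped at k, which gives the
    {1, k/2, k} and {0, k/2, k} sets annotated on the schema sketch.
    """
    upper = k if max_occurs is None else max_occurs
    if upper < min_occurs:
        raise ValueError("maxOccurs is below minOccurs")
    values = {min_occurs, upper}
    mid = upper // 2
    if midpoint and min_occurs < mid < upper:
        values.add(mid)
    return sorted(values)


def count_structures(schema, **options):
    """Number of request structures without materialising them."""
    return prod(len(occurrence_values(lo, hi, **options)) for _, lo, hi in schema)


def iter_structures(schema, **options):
    """Lazily yield one {element: occurrences} dict per request structure."""
    names = [name for name, _, _ in schema]
    choices = [occurrence_values(lo, hi, **options) for _, lo, hi in schema]
    for combo in product(*choices):
        yield dict(zip(names, combo))


def render(structure, root="Request"):
    """Render a structure as an empty skeleton, still to be filled with values."""
    lines = [f"<{root}>"]
    for name, occurs in structure.items():
        lines += [f"  <{name}> </{name}>"] * occurs
    lines.append(f"</{root}>")
    return "\n".join(lines)


# Constructed stand-in for the slide's case: 10 unbounded elements, one [0,1].
BIG_SCHEMA = [(f"e{i}", i % 2, None) for i in range(10)] + [("opt", 0, 1)]

# The A/B sub-schema from the intermediate-instances slide (min and max only).
AB_SCHEMA = [("A", 0, 3), ("B", 2, 4)]

# Constructed four-element request schema, not the real XACML context schema.
SAMPLE_SCHEMA = [("Subject", 1, None), ("Resource", 1, None),
                 ("Action", 1, 1), ("Environment", 0, 1)]

if __name__ == "__main__":
    print(count_structures(BIG_SCHEMA))
    for structure in iter_structures(AB_SCHEMA, midpoint=False):
        print(structure)
    print(render({"Subject": 2, "Resource": 1, "Action": 1, "Environment": 0}))
```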
  • 35. Example of results from the policy analyser

    Request Values Manager
    Responsible for the final requests generation. Two possible approaches, using either standard structures or combinatorial structures:
    1.  Pure combinatorial approach using all the values in the 4 sets
    2.  Hierarchical combination (to focus the request generation on a specific part of a policy)
  • 36. How many combinations?
    Avoiding duplication, derive all combinations of subject “entities”, resource “entities”, action “entities” and environment “entities” by applying:
    •  the pair-wise combination (PW)
    •  the three-wise combination (TW)
    •  the four-wise combination (FW)
    Note: the number of combinations strictly depends on the policy considered.

    Examples
    Example of request:
      <Request>
        <Subject>Mario Rossi</Subject>
        <Resource>personal id</Resource>
        <Action>read</Action>
      </Request>
    Example of request:
      <Request>
        <Subject>s2</Subject>
        <Resource>personal id</Resource>
        <Action>a2</Action>
      </Request>
    Example of request:
      <Request>
        <Subject>Mario Rossi</Subject>
        <Subject>s2</Subject>
        <Resource>p2</Resource>
        <Action>read</Action>
        <Environment>e2</Environment>
      </Request>
  • 37. X-CREATE vs. Targen
    We considered the available policies also used for the Targen presentation.
    We applied mutation to the policies to introduce faults.
    We used the same mutation operators for XACML policies indicated in the Targen experiment.
    We used the sets of mutants obtained to answer the two Research Questions:
    •  TSEff: Is the test suite derived by X-CREATE more effective than that derived by Targen?
    •  TSIncr: Is the capability X-CREATE provides to vary test request number and structure useful to increase effectiveness?

    Some Results
    We generated the same number of requests generated by the Targen tool for each policy, so as to get a fair comparison.
    We only derived the data for PolicyExample; the others are from the Targen evaluation.
  • 38. Well done!! …but can we do better?
    •  New methodology for request structures generation (Incremental XPT)
    •  New specific test strategy providing a stopping criterion (Simple Combinatorial)

    Incremental XPT
    We introduce a modified (reduced) schema as follows:
    •  one value for the <AttributeValue>
    •  zero to minOccurs and maxOccurs of the ResourceContent element and those of the contained <Any> element, because not used in test values generation
    We end up with 3^6 = 729 request structures.
  • 39. Simple Combinatorial
    Idea: derive as many requests as the possible combinations of the values of the subjects, resources, actions and environment of the XACML policy.
    •  The derived requests are first those obtained using all combinations of the Pairwise set, then of the 3wise set and finally those of the 4wise set.
    •  The maximum number of requests derived by this strategy is equal to the cardinality of the 4wise set.
    The resulting number of combinations could also be used as a stopping criterion for the test case generation in XPT.

    Incremental XPT vs. Simple Combinatorial
    Evaluation of the test strategies effectiveness:
    •  Define a set of XACML policies
    •  Apply mutation to each policy to introduce faults
    •  Execute each set of test cases on the policy and its mutants
    •  Establish the winner in each match
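An added example (not part of the original slides and not X-CREATE's code): a Python sketch of the Simple Combinatorial ordering, reading the Pairwise, 3wise and 4wise sets as t-way covering sets over the four value sets, each built as a prefix of the next. The greedy construction, the function names and the values s3, p3 and e1 are assumptions.

```python
from itertools import combinations, product
from xml.sax.saxutils import escape

def t_wise_targets(sets, t):
    """Every combination of values drawn from any t of the value sets."""
    targets = set()
    for idxs in combinations(range(len(sets)), t):
        for values in product(*(sets[i] for i in idxs)):
            targets.add(frozenset(zip(idxs, values)))
    return targets

def covered(row, t):
    """The t-wise combinations that one request (row) exercises."""
    return {frozenset(c) for c in combinations(enumerate(row), t)}

def extend_to_cover(rows, sets, t):
    """Append rows (greedy choice, an assumption) until all t-wise
    combinations are covered; the rows passed in stay as a prefix."""
    rows = list(rows)
    missing = t_wise_targets(sets, t)
    for row in rows:
        missing -= covered(row, t)
    seen = set(rows)
    candidates = [r for r in product(*sets) if r not in seen]
    while missing:
        best = max(candidates, key=lambda r: len(covered(r, t) & missing))
        rows.append(best)
        candidates.remove(best)
        missing -= covered(best, t)
    return rows

def simple_combinatorial(subjects, resources, actions, environments):
    """Return (PW, TW, FW): each list is a prefix of the next, so FW is the
    ordered request list and len(FW) is the stopping criterion."""
    sets = [subjects, resources, actions, environments]
    pw = extend_to_cover([], sets, 2)
    tw = extend_to_cover(pw, sets, 3)
    fw = extend_to_cover(tw, sets, 4)
    return pw, tw, fw

def to_request(row):
    """Render one combination in the simplified request syntax of the slides."""
    tags = ("Subject", "Resource", "Action", "Environment")
    body = "".join(f"<{tag}>{escape(value)}</{tag}>" for tag, value in zip(tags, row))
    return f"<Request>{body}</Request>"

# Value sets: "Mario Rossi", "personal id", "read", s2, p2, a2, e2 appear on the
# slides; s3, p3 and e1 are constructed here to make the sets larger.
SUBJECTS = ["Mario Rossi", "s2", "s3"]
RESOURCES = ["personal id", "p2", "p3"]
ACTIONS = ["read", "a2"]
ENVIRONMENTS = ["e1", "e2"]

if __name__ == "__main__":
    pw, tw, fw = simple_combinatorial(SUBJECTS, RESOURCES, ACTIONS, ENVIRONMENTS)
    print(f"PW={len(pw)} TW={len(tw)} FW={len(fw)} (maximum number of requests)")
    for row in fw[:3]:
        print(to_request(row))
```

Cutting the returned FW list at any length keeps the pairwise requests first, which is what lets the request budget act as a stopping criterion.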
  • 40. XPT vs. Simple Combinatorial
    The same number of requests for each policy.
    The effectiveness of the Incremental XPT is generally higher than that of the Simple Combinatorial strategy.
    In two cases the fault detection of the Simple Combinatorial is higher than that of Incremental XPT.
    [Chart legend: Simple combinatorial; Incremental XPT]

    Deeper Analysis
    Incremental XPT is the winner when the access decision of the policy rules depends concurrently on the values of more than one subject or resource or action or environment entity.
    Simple Combinatorial is the winner when the policies are simple and the satisfiability of the policy rules depends on the combinations of a single subject, resource, action and environment entity.
  • 41. How to evaluate XACML testing approaches?
    The mutation approach typically used in software testing has been adapted to XACML policy testing.

    Our tool
    XACMUT: XACML 2.0 Mutants Generator
    It can be downloaded from our laboratory page at: http://labsewiki.isti.cnr.it/labsedc/tools/xacmut/public/main
  • 42. XACMUT
    •  A set of mutation operators addressing specific faults of the XACML 2.0 access control policy
    •  XACMUT (XACml MUTation):
       •  generates the set of mutants
       •  provides facilities to run a given test suite on the mutants set
       •  computes the test suite effectiveness in terms of mutation score

    Previous work
    Proposal1*
    Preliminary set of mutation operators for XACML policies. Not included:
    •  all the important criticalities of the XACML policy specification
    •  most of the available XACML functions
    Proposal2**
    •  Set of mutation operators based on metamodel
    •  simulate the faults in the security models independently from the role-based formalism (R-BAC, OrBAC, …)
    Peculiarity: The mutation operators cannot be directly applied to XACML
    * E. Martin and T. Xie, “A fault model and mutation testing of access control policies,” in Proc. of WWW, May 2007, pp. 667–676
    ** T. Mouelhi, F. Fleurey, and B. Baudry, “A generic metamodel for security policies mutation,” in Proc. of ICSTW, 2008, pp. 278–286
  • 43. Mutation operators of Proposal1
    •  Policy Set Target True (PSTT) - removes the Target of each PolicySet ensuring that the PolicySet is applied to all requests
    •  Policy Set Target False (PSTF) - modifies the Target of each PolicySet such that the PolicySet is never applied to a request
    •  Policy Target True (PTT) - removes the Target of each Policy ensuring that the Policy is applied to all requests
    •  Policy Target False (PTF) - modifies the Target of each Policy ensuring that the Policy is never applied to a request
    •  Rule Target True (RTT) - removes the Target of each rule ensuring that the Rule is applied to all requests
    •  Rule Target False (RTF) - modifies the Target of each rule such that the Rule is never applied to a request

    Mutation operators of Proposal1 (cont.)
    •  Rule Condition True (RCT) - removes the condition of each Rule ensuring that the Condition always evaluates to True
    •  Rule Condition False (RCF) - manipulates the Condition values or the Condition functions ensuring that the Condition always evaluates to False
    •  Change Policy Combining Algorithm (CPC) - replaces the existing policy combining algorithm with another policy combining algorithm. The set of considered policy combining algorithms is {deny-overrides, permit-overrides, first-applicable, only-one applicable}
    •  Change Rule Combining Algorithm (CRC) - replaces the existing rule combining algorithm with another rule combining algorithm. The set of considered rule combining algorithms is {deny-overrides, permit-overrides, first-applicable}
    •  Change Rule Effect (CRE) - changes the rule effect by replacing Permit with Deny or Deny with Permit
  • 44. Policy Target True (PTT) example
    Gold policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    A request with http://library.com/record resource will be applicable
    Mutated policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target></Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    A request with any resource will be applicable

    Policy Target False (PTF) example
    Gold policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    Mutated policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>RandomValue##+]][[*##_####987654 32_RandomValue456Mutant_xyz</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    No request will be applicable
  • 45. Mutation operators of Proposal2
    •  RPT - replaces a rule parameter having a type with another parameter of a different rule having the same type. In XACML language the rule parameters correspond to subjects, resources, actions and environments
    •  PPR - chooses one rule from the set of rules, and then replaces the status with the opposite one
       •  it coincides with CRE operator of Proposal1
    •  ANR - adds a new rule containing a new combination of parameters that is not specified in the existing rules of the policy
    •  RER - chooses one rule and removes it
    •  PPD - replaces a parameter with one of its descending parameters
       •  it is not applicable to XACML 2.0 language
       •  the roles and resources hierarchy is only considered in policies compliant to Core and Hierarchical RBAC profile and to Hierarchical resource profile of XACML 2.0
    •  We adapt RPT, PPR, ANR and RER high level operators to XACML language

    Remove Rule (RER) example
    Gold policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    Mutated policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    A request with http://library.com/record resource will be denied
  • 46. Change Rule Effect (CRE) example
    Gold policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    Mutated policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Permit"></Rule>
      </Policy>
    A request with http://library.com/record resource will be allowed

    Our new Mutation operators
    •  RemoveUniquenessFunction (RUF) - removes the type-one-and-only (type refers to a primitive type: string, integer, double, etc.) function from the rule condition, forcing the function evaluation to True and False
    •  AddUniquenessFunction (AUF) - adds the type-one-and-only function referring to each AttributeDesignator or AttributeSelector elements of the rule Condition, forcing the function evaluation to True and False
    •  Change-N-OF-Function (CNOF) - changes the N parameter of the N-OF function. The argument N specifies the minimum number of the boolean arguments (M) that must be evaluated to True for the expression to be considered True. We set N to 0, M-1 and M+1
    •  ChangeLogicalFunction (CLF) - replaces a logical function (AND, OR, N-OF) with another one. We set the N argument of N-OF function equal to 0 forcing the function evaluation always to True
    •  AddNotFunction (ANF) - adds the Not function as first function of each Condition element
  • 47. Our new Mutation operators (cont.)
    •  RemoveNotFunction (RNF) - deletes the Not function defined in the condition
    •  ChangeComparisonFunction (CCF) - replaces a comparison function (type-equal, type-greater-than, type-greater-than-or-equal, type-less-than, type-less-than-or-equal) with another one
    •  FirstPermitRule (FPR) - moves in each policy the rules having a Permit effect before those ones having a Deny effect
    •  FirstDenyRule (FDR) - moves in each policy the rules having a Deny effect before those ones having a Permit effect

    AddNotFunction (ANF) example
    Gold policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    A request with read or write will be allowed
    Mutated policy:
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:not">
              <Apply FunctionId="function:string-is-in">
                <Apply FunctionId="function:string-one-and-only">
                  <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
                </Apply>
                <Apply FunctionId="function:string-bag">
                  <AttributeValue DataType="string">write</AttributeValue>
                  <AttributeValue DataType="string">read</AttributeValue>
                </Apply>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    A request with read or write will be denied
  • 48. FirstDenyRule (FDR) example
    Gold policy (evaluate rule1 and then rule2):
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
      </Policy>
    A request with read or write will be allowed
    Mutated policy (evaluate rule2 and then rule1):
      <Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
        <Target>
          <Resource>
            <AttributeValue>http://library.com/record/</AttributeValue>
          </Resource>
        </Target>
        <Rule RuleId="rule2" Effect="Deny"></Rule>
        <Rule RuleId="rule1" Effect="Permit">
          <Condition>
            <Apply FunctionId="function:string-is-in">
              <Apply FunctionId="function:string-one-and-only">
                <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
              </Apply>
              <Apply FunctionId="function:string-bag">
                <AttributeValue DataType="string">write</AttributeValue>
                <AttributeValue DataType="string">read</AttributeValue>
              </Apply>
            </Apply>
          </Condition>
        </Rule>
      </Policy>
    A request with read or write will be denied since the first rule will be applied

    XACMUT Mutation operators for XACML policies
    Proposal1:      PSTT PSTF PTT PTF RTT RTF RCT RCF CPC CRC CRE
    New operators:  RUF AUF CNOF CLF ANF CCF FPR FDR
    Proposal2:      PPD RPT ANR RER
  • 49. XACMUT Main Interface

    Experimental Setting
                                                               Proposal1  Proposal2  New Operators  Total
    Policy       #Rule  #Cond  #Sub  #Res  #Act  #Funct  #TS   #M   %E    #M   %E    #M   %E        #M   %E
    demo-5       3      2      2     3     2     4       39    18   67    43   21    37   86        98   54
    demo-11      3      2      2     3     1     5       35    16   63    29   21    32   84        77   56
    demo-26      2      1      1     3     1     4       32    13   31    28   14    31   77        72   44
    student1     2      0      5     2     2     2       85    12   75    336  58    85   98        433  67
    student2     2      0      11    2     2     2       24    23   70    6    50    29   67        58   67
    create-doc   3      2      1     2     1     3       8     14   86    3    67    19   74        36   78
    read-doc     4      3      2     4     1     3       7     17   53    4    0     26   54        47   49
    delete-doc   3      2      1     3     1     3       6     14   57    3    0     21   57        38   53
    university1  3      0      24    3     3     2       203   18   72    109  85    61   97        188  88
    university2  3      0      23    3     3     2       33    12   75    56   79    37   95        105  84
    M: Mutants. E: Test suite Effectiveness. TS: Test Suite derived using Targen.
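An added example (not XACMUT's code): a Python sketch that applies six of the operators described on the slides (PTT, PTF, CRE, RER, ANF, FDR) to the gold policy shown in the slide examples and counts how many mutants a request suite kills. The toy evaluator handles only the simplified syntax and functions of that policy with first-applicable combining; the requests, the PTF replacement value and all function names are assumptions.

```python
import copy
import xml.etree.ElementTree as ET

# Gold policy copied from the slides (simplified XACML 2.0 syntax).
GOLD = """
<Policy RuleCombiningAlgId="first-applicable" PolicyId="policyExample">
  <Target><Resource>
    <AttributeValue>http://library.com/record/</AttributeValue>
  </Resource></Target>
  <Rule RuleId="rule1" Effect="Permit">
    <Condition>
      <Apply FunctionId="function:string-is-in">
        <Apply FunctionId="function:string-one-and-only">
          <ActionAttributeDesignator AttributeId="action:id" DataType="string"/>
        </Apply>
        <Apply FunctionId="function:string-bag">
          <AttributeValue DataType="string">write</AttributeValue>
          <AttributeValue DataType="string">read</AttributeValue>
        </Apply>
      </Apply>
    </Condition>
  </Rule>
  <Rule RuleId="rule2" Effect="Deny"></Rule>
</Policy>
"""

def _eval(node, request):
    """Evaluate the few expression elements the example policy uses."""
    if node.tag == "ActionAttributeDesignator":
        return [request["action"]]           # bag holding the request's action id
    if node.tag == "AttributeValue":
        return node.text.strip()
    args = [_eval(child, request) for child in node]
    return {
        "function:string-bag": lambda: args,
        "function:string-one-and-only": lambda: args[0][0],
        "function:string-is-in": lambda: args[0] in args[1],
        "function:not": lambda: not args[0],
    }[node.get("FunctionId")]()

def decide(policy, request):
    """Toy PDP: match the resource Target, then apply first-applicable."""
    wanted = [v.text.strip() for v in policy.findall("./Target/Resource/AttributeValue")]
    if wanted and request["resource"] not in wanted:
        return "NotApplicable"
    for rule in policy.findall("Rule"):
        cond = rule.find("Condition")
        if cond is None or _eval(cond[0], request):
            return rule.get("Effect")
    return "NotApplicable"

def mutants(gold):
    """Yield (operator, mutant) for six of the operators described on the slides."""
    m = copy.deepcopy(gold)                  # PTT: empty Target, policy applies to all
    m.find("Target").clear()
    yield "PTT", m
    m = copy.deepcopy(gold)                  # PTF: constructed value no request matches
    m.find("./Target/Resource/AttributeValue").text = "RandomValue_Mutant_xyz"
    yield "PTF", m
    for i, rule in enumerate(gold.findall("Rule")):
        m = copy.deepcopy(gold)              # CRE: flip Permit <-> Deny on one rule
        r = m.findall("Rule")[i]
        r.set("Effect", "Deny" if r.get("Effect") == "Permit" else "Permit")
        yield "CRE/" + rule.get("RuleId"), m
        m = copy.deepcopy(gold)              # RER: remove one rule
        m.remove(m.findall("Rule")[i])
        yield "RER/" + rule.get("RuleId"), m
    m = copy.deepcopy(gold)                  # ANF: Not as first function of each Condition
    for cond in list(m.iter("Condition")):
        inner = cond[0]
        cond.remove(inner)
        ET.SubElement(cond, "Apply", FunctionId="function:not").append(inner)
    yield "ANF", m
    m = copy.deepcopy(gold)                  # FDR: Deny rules before Permit rules
    rules = m.findall("Rule")
    for r in rules:
        m.remove(r)
    m.extend(sorted(rules, key=lambda r: r.get("Effect") != "Deny"))
    yield "FDR", m

def mutation_score(gold, suite):
    """Return (killed, total); a mutant is killed when any decision differs from gold's."""
    expected = [decide(gold, req) for req in suite]
    results = [[decide(m, req) for req in suite] != expected for _, m in mutants(gold)]
    return sum(results), len(results)

GOLD_POLICY = ET.fromstring(GOLD)
# Constructed requests (not from the slides).
READ_RECORD = {"resource": "http://library.com/record/", "action": "read"}
DELETE_RECORD = {"resource": "http://library.com/record/", "action": "delete"}
READ_OTHER = {"resource": "http://example.org/other/", "action": "read"}

if __name__ == "__main__":
    for suite in ([READ_RECORD], [READ_RECORD, DELETE_RECORD, READ_OTHER]):
        print(len(suite), "request(s):", mutation_score(GOLD_POLICY, suite))
```

The single permitted request leaves the PTT, CRE/rule2 and RER/rule2 mutants alive; adding a denied action and an out-of-target resource kills all eight, which is the effect the %E column measures.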
  • 50. And now…
    Forget everything you have just learned about XACML-based control of access, because …. is the new big thing ahead !!!

    Usage Control Model: Beyond Access Control
    [Figure labels: Traditional Access Control; time; Before usage; Pre decision; Ongoing decision; Ongoing usage; Mutability of attributes; Pre update; Ongoing update; Post update; After usage]
  • 51. Usage Control Model (UCON)*
    Is based on:
    •  Authorizations
    •  Obligations
    •  Conditions
    •  Mutability of Attributes
    •  Continuous policy enforcement
    * Defined by J. Park and R. Sandhu, The UCON Usage Control Model. ACM Trans. On Information and System Security, 7(1), 2004

    Policy Language (based) on Process Algebra (PolPA)*
    •  A formal policy language for UCON
    •  An operational language based on process description languages
    •  The idea is to describe the allowed sequences of actions (commands)
    •  Policies can thus be formally verified, compared, minimized, refined
    * F. Martinelli and P. Mori, “On usage control for grid systems,” Future Generation Computer Systems, vol. 26, no. 7, pp. 1032–1042, 2010
  • 52. Usage control commands
    •  tryaccess(s, r, a): performed by subject s when performing a new access request (s, r, a)
    •  permitaccess/denyaccess(s, r, a): performed by the system when granting/denying the access request (s, r, a)
    •  endaccess(s, r, a): performed by subject s when ending an access (s, r, a)
    •  revokeaccess(s, r, a): performed by the system when revoking an ongoing access (s, r, a)
    •  update(attribute): updating a subject or an object attribute
    Commands composition operators: ., or, par

    Example of PolPA Policy
  • 53. PolPA Authorization System

    Testing Purpose
    [Figure labels: PDP; Policies; Test Suite; SUT; Oracle; request; reply; verdict]
    PDP (Policy Decision Point): evaluates the requests against the usage control policies
  • 54. How to do PDP testing?
    Emulate a possible PEP by issuing tryaccess and endaccess commands to the PDP

    Which test approach?
    •  A test case (request) is a sequence of commands (tryaccess/endaccess) with a variable number of action parameters
    •  Traditional combinatorial approaches are not suitable since they do not specifically address the commands order
    •  We propose:
       •  a fault model and the corresponding mutation operators classes for PolPA language
       •  a test cases derivation strategy from the fault model
  • 55. Testing procedure
    A.  Apply fault-model mutation classes to the PolPA policy (FMM)
    B.  Derive a set of mutants (each mutant is a faulty policy) (FPG)
    C.  Apply test case generation strategy to each policy (gold policy and all derived faulty policies) (TCG)
    D.  Execute test cases (TD)
    E.  Analyze test results (TO)

    Mutation classes
    •  Change Composition Operator (CCO) implements a violation of the order of execution of the commands
    •  Change Command (CC) implements faults in the execution of a command
    •  Change Guard String Predicate (CGSP) implements a wrong management of the values of string parameters
    •  Change Guard Integer Predicate (CGIP) implements a wrong management of the values of integer parameters
  • 56. Depth-first visit of the policy

    Depth-first visit of the faulty policy (CCO class)
  • 57. Experimental Data
                    #Mutants  #Executed Test cases  #Faults
    Policy          -         2                     0
    Mutant Class
      CCO           14        45                    0
      CC            56        84                    9
      CGSP          4         8                     0
      CGIP          4         8                     0
    Total           78        175                   9
    •  for 9 test cases (of 84) the responses were not the expected ones
    •  all faults given by test cases derived by mutants having 2 tryaccess(user_id, R1, A(x1, x2))
    •  PDP implementation allows for tryaccess an arbitrary number of times (specific application constraint)

    We have covered:
    •  XML-based testing and TAXI tool
    •  XACML combinatorial testing and X-CREATE tool
    •  XACML mutations and XACMUT tool
    •  Usage-control systems and testing of Polpa
    quite enough for today!
  • 58. What after?
    Concerning access control
    -- we are integrating the tools into a continuous framework
    -- supporting the policy developer after a problem is detected in debugging the policy
    Concerning usage control
    -- provide support for continuous on-line testing (already ongoing)
    -- towards standardized U-XACML

    not only technology
    humans
  • 59. Social engineering
    •  People are generally considered the weakest link in information assurance
    •  As organizations improve their security processes and technologies, more and more attackers focus on exploiting human errors or ingenuity
    •  So-called social engineering malware is rising as the most successful tactic: it manipulates the natural human tendency to trust
    Figure from Sherly Abraham, InduShobha Chengalur-Smith, An overview of social engineering malware: Trends, tactics, and implications, Technology in Society, 32 (3), 2010, 183–196

    So the message is:
    -  Stay informed on the technology
    -  Adopt best practice and protect your data,
    -  Test your security mechanisms, and..
    -  Stay alert!
  • 60. Question time