3rd International ICST Symposium on Information Assurance and Security

Research Article

Team Edit Automata for Testing Security Property

  • @INPROCEEDINGS{10.1109/IAS.2007.45,
        author={Zhenrong  Yang and Aiman  Hanna and Mourad  Debbabi},
        title={Team Edit Automata for Testing Security Property},
        proceedings={3rd International ICST Symposium on  Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={Automata  Automatic testing  Information security  Information systems  Instruments  Mathematical model  Memory management  Safety  Software testing  System testing},
        doi={10.1109/IAS.2007.45}
    }
    
  • Zhenrong Yang
    Aiman Hanna
    Mourad Debbabi
    Year: 2007
    Team Edit Automata for Testing Security Property
    IAS
    IEEE
    DOI: 10.1109/IAS.2007.45
Zhenrong Yang1,*, Aiman Hanna1,*, Mourad Debbabi1,*
  • 1: Concordia Institute for Information Systems Security Concordia University, Montreal, Quebec, Canada
*Contact email: zhenr_ya@encs.concordia.ca, ahanna@encs.concordia.ca, debbabi@encs.concordia.ca

Abstract

This paper introduces a mathematical model, called team edit automata, for evaluating software security properties. We use the model to describe security properties and their correlation in the software programs. The component automata can suppress and insert actions and report possible flaws. They are used to specify individual security properties. The team is composed of multiple component automata interacting through shared actions. It models the situation where some program events are concerned by multiple security properties jointly. The paper concludes by a case study of detecting memory management and pointer manipulation flaws in C/C++ programs.