JeeHyun passed his final PhD defense on March 14th, 2014
Title: Improving the Quality of Security Policies
Abstract: Systems such as web applications, database systems, and cloud services regulate users’ access to sensitive resources based on security policies. A recent report stated that organizations manage security policies in an ad-hoc and inconsistent manner due to a lack of budget, resources, and staff. Such management can cause serious security problems, such as unauthorized access to sensitive resources.
In computer systems, security policies are enforced to specify the correct functioning of access control, such as “who” (e.g., authorized users or processes) can perform actions under “what” conditions. Faults (i.e., misconfigurations) in security policies can have serious consequences, such as denying an authorized user access to her/his resources or allowing malicious users to access critical resources.
Policy authors may follow common patterns in specifying and maintaining security policies. Reusing such patterns helps policy authors reduce mistakes. Violations of those patterns are candidates for inspection to determine whether they expose faults. Moreover, to improve the quality of security policies in terms of policy correctness, policy authors must conduct rigorous testing and verification during the testing and maintenance phases of the software development process. However, manual test-input generation and verification is an error-prone, time-consuming, and tedious task.
In this dissertation, we propose approaches that help improve the quality of security policies automatically. Our research goal is to assist policy authors to improve the quality of security policies by providing automated pattern-mining and testing techniques that help detect faults efficiently. This dissertation is comprised of three research projects where each project focuses on a specific software engineering task. The three research projects are as follows:
Pattern Mining. We present an approach to mine patterns characterizing correlations of attributes in security policies from the security policies of open source software products. Our approach applies data mining techniques to the policy evolution and specification data of those security policies to identify common patterns, which represent likely usage of security policies. Our approach uses mined patterns as policy specification rules and detects faults in security policies under analysis as deviations from the mined patterns.
Automated Test Generation. We present a systematic structural testing approach. Our approach is based on the concept of policy coverage, which helps test a policy’s structural entities (i.e., rules, predicates, and clauses) to check whether each entity is specified correctly. Our approach analyzes security policies under test and generates test cases automatically to achieve high structural coverage. These test cases achieve higher fault-detection capability (i.e., they detect more injected faults).
Automated Test Selection for Regression Testing. We present a safe-test-selection approach for regression testing of security policies. Among given initial test cases in access control systems under test, our approach selects and executes only test cases that could expose different policy behaviors across multiple versions of security policies. Our approach helps detect unexpected policy behaviors (i.e., regression faults) caused by policy changes efficiently.
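To make the two testing ideas above concrete, here is an added illustration (not the dissertation's own tooling) of rule coverage and change-based regression test selection on a toy first-applicable policy; the rule format, policy versions V1/V2 and test requests are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One access-control rule; a None attribute matches any value (constructed toy model)."""
    name: str
    effect: str                       # "Permit" or "Deny"
    subject: Optional[str] = None
    resource: Optional[str] = None
    action: Optional[str] = None

    def matches(self, req: dict) -> bool:
        constraints = (("subject", self.subject), ("resource", self.resource), ("action", self.action))
        return all(v is None or v == req.get(k) for k, v in constraints)

def evaluate(policy, req):
    """First-applicable combining: return the decision and the name of the rule that fired."""
    for rule in policy:
        if rule.matches(req):
            return rule.effect, rule.name
    return "NotApplicable", None

def rule_coverage(policy, tests):
    """Rule coverage: share of rules fired by at least one test, plus the rules never fired."""
    fired = {evaluate(policy, t)[1] for t in tests} - {None}
    missed = [r.name for r in policy if r.name not in fired]
    return len(fired) / len(policy), missed

def select_regression_tests(old, new, tests):
    """Safe selection: keep only requests whose decision differs between the two versions."""
    return [t for t in tests if evaluate(old, t)[0] != evaluate(new, t)[0]]

# Constructed policies: V2 inserts one rule ahead of the blanket deny on "ledger".
V1 = [Rule("admin-all", "Permit", subject="admin"),
      Rule("deny-ledger", "Deny", resource="ledger")]
V2 = [V1[0],
      Rule("auditor-read-ledger", "Permit", subject="auditor", resource="ledger", action="read"),
      V1[1]]

# Constructed initial test suite that the selection step would start from.
TESTS = [
    {"subject": "admin", "resource": "ledger", "action": "write"},
    {"subject": "auditor", "resource": "ledger", "action": "read"},
    {"subject": "auditor", "resource": "ledger", "action": "write"},
    {"subject": "guest", "resource": "payroll", "action": "read"},
]

if __name__ == "__main__":
    print("V2 rule coverage:", rule_coverage(V2, TESTS))
    print("selected for regression:", select_regression_tests(V1, V2, TESTS))
```

Only the auditor-read request changes its decision between V1 and V2, so it is the single test the safe selection keeps; dropping it from the suite also leaves the new rule uncovered, which is what the coverage report exposes.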