If access control policy decision points are not neatly separated from the business logic of a system, the evolution of a security policy likely leads to the necessity of changing the system's code base. This is often the case with legacy systems. We present a test-driven methodology to assess the flexibility of a system, a property that describes the degree of coupling between the access control logic and the business logic of a system. A low flexibility indicates that a modification of the policy will lead to substantial changes of the code. In this paper, we analyze the notion of flexibility, which is related to the presence of hidden and implicit security mechanisms in the business logic. We detail how testing can b...
Cyber-physical systems (CPS) and IoT systems are nowadays commonly designed as self-adaptive, endowi...
ABSTRACT As security requirements of software often change, developers may modify security policies ...
In this work, we investigate the combination of controller synthesis and test ...
If access control policy decision points are not neatly separated from the bus...
If access control policy decision points are not neatly separated from the business logic of a syste...
Access control, the process of selectively restricting access to a set of resources, is so fundament...
Security has become, nowadays, a major concern for the organizations as the majority of its applica...
The construction of secure software is a notoriously difficult task. The abstract security requireme...
Abstract—A policy-based access control architecture comprises Policy Enforcement Points (PEPs), whi...
Access control is essential for safe and secure access to software and hardware resources. Operating...
In this paper, we consider typical applications in which the business logic is...
Abstract — With the growth of Enterprises and organizations, the paper-based systems are replaced wi...
Researchers have long argued that the best way to construct a secure system is to proactively integr...
Access control (AC) is an important security mechanism used in software systems to rest...
We present a model-based approach to testing access control requirements. By u...