Section: Other Grants and Activities
National Grants & Contracts
CNRS ACI Sécurité Potestat: Security Policies: Test Directed Analysis of Open Network Systems
The POTESTAT project [2004-2007] ( http://www-lsr.imag.fr/POTESTAT/ ) addresses the problem of testing security policies for open networked systems. It was a joint project of 5 teams in 3 laboratories (the Vasco team of LIG Grenoble, the DCS team of VERIMAG Grenoble, and the Distribcom, Lande and VerTeCs project-teams at INRIA Rennes).
In the framework of open service implementations, based on the interconnection of heterogeneous systems, security managers lack well-formalized analysis techniques. The security of such systems is therefore built from pragmatic elements, based on well-known vulnerabilities and their associated solutions. It then remains to verify whether such security policies are correctly and effectively implemented in the actual system. This is usually carried out by auditing the administrative procedures and the system configuration. Tests are then performed, for instance by probing, to check for the presence of particular vulnerabilities. Although some tools are already available for specific tests (such as password crackers), there is no solution for analysing the conformance of the whole system with respect to a security policy.

The initial approach to the problem was based on the previous experience of the partners. We had experience in the use of formal models either to test the conformance of a distributed implementation to a specification (conformance testing for network protocols) or to analyse downloaded code (where testing can complement static analysis techniques). Based on this background, we proposed the following two directions.
Diagnosis. Whereas protocol testing is usually done through active tests, it turns out that passive testing techniques may be better suited to checking security requirements, for instance through monitors or access controllers.
Generation of attacks. We investigated the use of test generation techniques to generate attacks from security policies (modelled as observers) and network models (an abstraction of the network behaviour).
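To make the "policy as observer" idea of the Diagnosis direction concrete, here is an added illustration (it is not code from the POTESTAT project): two security requirements are written as small observer automata, and a passive monitor replays an already-captured event trace through them, one automaton instance per observed host, and reports a diagnosis for every event that takes an observer into its violation state. The monitor only reads the trace; it never injects traffic. The event vocabulary (auth_ok, auth_fail, access, logout, unblock), the two policies, the hosts and the trace itself are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One observed event: (host, action, target). Constructed format, not a real log schema.
Event = Tuple[str, str, str]

VIOLATION = "VIOLATION"  # distinguished sink state of every observer


@dataclass
class Observer:
    """A security requirement expressed as a finite automaton over observed actions.

    transitions maps (state, action) -> next state. Actions a policy does not
    mention are irrelevant to it, so the automaton stays in its current state.
    """
    name: str
    initial: str
    transitions: Dict[Tuple[str, str], str]

    def step(self, state: str, action: str) -> str:
        return self.transitions.get((state, action), state)


# Requirement 1 (constructed): a host may access a resource only while authenticated.
AUTH_BEFORE_ACCESS = Observer(
    name="auth-before-access",
    initial="unauth",
    transitions={
        ("unauth", "auth_ok"): "auth",
        ("unauth", "access"): VIOLATION,   # access without a prior successful login
        ("auth", "logout"): "unauth",
    },
)

# Requirement 2 (constructed): after three consecutive failed logins a host must be
# blocked, so any further login attempt being processed is a policy violation.
LOCKOUT_AFTER_3_FAILURES = Observer(
    name="lockout-after-3-failures",
    initial="f0",
    transitions={
        ("f0", "auth_fail"): "f1",
        ("f1", "auth_fail"): "f2",
        ("f2", "auth_fail"): "locked",
        ("f1", "auth_ok"): "f0",
        ("f2", "auth_ok"): "f0",
        ("locked", "auth_ok"): VIOLATION,    # locked host was still authenticated
        ("locked", "auth_fail"): VIOLATION,  # locked host still reaches the login path
        ("locked", "unblock"): "f0",
    },
)

Diagnosis = Tuple[int, str, str, str]  # (event index, policy, host, action)


def monitor(trace: List[Event], observers: List[Observer]) -> List[Diagnosis]:
    """Passive monitor: replay the trace through every observer.

    Keeps one automaton instance per (observer, host). When an event drives an
    instance into VIOLATION, a diagnosis is recorded and the instance keeps its
    previous state so monitoring of that host continues.
    """
    states: Dict[Tuple[str, str], str] = {}
    diagnoses: List[Diagnosis] = []
    for index, (host, action, _target) in enumerate(trace):
        for obs in observers:
            key = (obs.name, host)
            state = states.get(key, obs.initial)
            nxt = obs.step(state, action)
            if nxt == VIOLATION:
                diagnoses.append((index, obs.name, host, action))
                nxt = state
            states[key] = nxt
    return diagnoses


# Constructed trace of observed events (hosts and targets are made up).
TRACE: List[Event] = [
    ("10.0.0.5", "auth_ok", "fileserver"),
    ("10.0.0.5", "access", "fileserver"),     # conforms: authenticated first
    ("10.0.0.7", "access", "fileserver"),     # violation: never authenticated
    ("10.0.0.9", "auth_fail", "fileserver"),
    ("10.0.0.9", "auth_fail", "fileserver"),
    ("10.0.0.9", "auth_fail", "fileserver"),  # third failure: host should now be blocked
    ("10.0.0.9", "auth_ok", "fileserver"),    # violation: blocked host was still served
    ("10.0.0.5", "logout", "fileserver"),
    ("10.0.0.5", "access", "fileserver"),     # violation: access after logout
]

if __name__ == "__main__":
    for index, policy, host, action in monitor(TRACE, [AUTH_BEFORE_ACCESS, LOCKOUT_AFTER_3_FAILURES]):
        print(f"event {index}: host {host} action {action!r} violates policy {policy}")
```

Because each requirement is a separate observer, a diagnosis names the policy that was broken and the event that broke it, which is the information a security manager needs to trace a deployment error back to the configuration that caused it; adding a requirement means adding an automaton, not changing the monitor.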
RNRT POLITESS: Security Policies for Network Information Systems: Modeling, Deployment, Testing and Supervision
The POLITESS project ( http://www.rnrt-politess.info/ ) [2006-2008] involves GET (INT Evry and ENST Rennes), INPG-IMAG (LSR and VERIMAG laboratories), France Telecom R&D Caen, Leyrios Technologies, SAP Research, AQL Silicomp Rennes and Irisa. In a sense, this project is an extension of the Potestat project. Its objective is to study and provide methodological guidelines and software solutions for a formal approach to network security. This encompasses the specification of high-level security policies with clear semantics, their deployment on the network in terms of security artifacts and the analysis of this deployment, and the testing and monitoring of security based on models of security policies and abstract models of networks. Our team is involved in several activities, in particular modelling (defining adequate models for both the system and the security policies), testing (modelling security testing, test generation/selection), supervision (intrusion detection, diagnosis) and case studies.