Team VerTeCs

Members
Overall Objectives
Scientific Foundations
Application Domains
Software
New Results
Contracts and Grants with Industry
Other Grants and Activities
Dissemination
Bibliography

Section: Other Grants and Activities

National Grants & Contracts

CNRS ACI Sécurité Potestat: Security Policies: Test Directed Analysis of Open Network Systems

Participants : Jérémy Dubreil, Thierry Jéron, Hervé Marchand, Vlad Rusu.

The POTESTAT project [2004-2007] ( http://www-lsr.imag.fr/POTESTAT/ ) addresses the problem of testing security policies for open networked systems. It was a joint project of 5 teams in 3 laboratories (The Vasco team of LIG Grenoble, the DCS team of VERIMAG Grenoble and Distribcom, Lande and VerTeCs project-teams in INRIA Rennes.

In the framework of open service implementations, based on the interconnection of heterogeneous systems, the security managers lack of well-formalized analysis techniques. The security of such systems is therefore organized from pragmatic elements, based on well-known vulnerabilities and their associated solutions. It then remains to verify if such security policies are correctly and effectively implemented in the actual system. This is usually carried out by auditing the administrative procedures and the system configuration. Tests are then performed, for instance by probing, to check the presence of some particular vulnerabilities. Although some tools are already available for specific tests (like password crackers), there is no solution to analyse the whole system conformance with respect to a security policy. The initial approach to the problem was based on previous experience of the partners. We had experience on the use of formal models either to test the conformance of a distributed implementation to a specification (conformance testing for network protocols) or to analyse downloaded code (where testing can complement static analysis techniques). Based on this background, we proposed the two following different directions.

RNRT POLITESS: Security Policies for Network Information Systems: Modeling, Deployment, Testing and Supervision

Participants : Jérémy Dubreil, Hatem Hamdi, Thierry Jéron, Hervé Marchand, Vlad Rusu.

The POLITESS project ( http://www.rnrt-politess.info/ ) [2006-2008] involves GET (INT Evry and ENST Rennes), INPG-IMAG (LSR and VERIMAG laboratories), France Telecom R&D Caen, Leyrios Technologies, SAP Research, AQL Silicomp Rennes and Irisa. In a sense, this project is an extension of the Potestat project. The objective of the project is to study and provide methodological guidelines and software solutions for a formal approach to security of networks. This encompasses the specification of high level security policies with clear semantics, their deployment on the network in terms of security artifacts and the analysis of this deployment, testing and monitoring of security based on models of security policies and abstract models of networks. Our team is involved in several activities, in particular in modelling (defining adequate models for both the system and security policies), testing (modelling security testing, test generation/selection), supervision (intrusion detection, diagnosis) and case studies.


previous
next

Logo Inria