A Formal Approach for Interoperability Testing of Security Rules

Abstract

The interaction between business communities becomes a crucial requirement due to the need of exchanging and sharing resources and services. In general, each system defines its own security policy to manage access control to its resources. In this case, we may have security interoperability problems due to the variety and complexity of secured systems implementations. In this paper, we provide a formal approach for interoperability testing of security rules. First we propose a method to integrate interoperability security rules in a functional model represented by an extended finite automata. Then, test cases are generated from the obtained secured functional model by using an automatic test generation tool, Test Gen-IF. As an application, we provide a case study of security interoperability between two hospitals that share some resources.