References of "Mouelhi, Tejeddine"
Peer Reviewed
Suspicious Electric Consumption Detection Based on Multi-Profiling Using Live Machine Learning
Hartmann, Thomas UL; Moawad, Assaad UL; Fouquet, François UL et al

in 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm) (2015, November)

The transition from today’s electricity grid to the so-called smart grid relies heavily on the usage of modern information and communication technology to enable advanced features like two-way communication, an automated control of devices, and automated meter reading. The digital backbone of the smart grid opens the door for advanced collecting, monitoring, and processing of customers’ energy consumption data. One promising approach is the automatic detection of suspicious consumption values, e.g., due to physically or digitally manipulated data or damaged devices. However, detecting suspicious values in the amount of meter data is challenging, especially because electric consumption heavily depends on the context. For instance, a customer’s energy consumption profile may change during vacation or weekends compared to normal working days. In this paper we present an advanced software monitoring and alerting system for suspicious consumption value detection based on live machine learning techniques. Our proposed system continuously learns context-dependent consumption profiles of customers, e.g., daily, weekly, and monthly profiles, classifies them and selects the most appropriate one according to the context, like date and weather. By learning not just one but several profiles per customer and in addition taking context parameters into account, our approach can minimize false alerts (low false positive rate). We evaluate our approach in terms of performance (live detection) and accuracy based on a data set from our partner, Creos Luxembourg S.A., the electricity grid operator in Luxembourg.

Peer Reviewed
Automated Model-Based Testing of Role-Based Access Control Using Predicate/Transition Nets
Xu, Dianxiang; Kent, Michael; Thomas, Lijo et al

in IEEE TRANSACTIONS ON COMPUTERS (2015), 64(9), 2490-2505

Role-based access control is an important access control method for securing computer systems. A role-based access control policy can be implemented incorrectly due to various reasons, such as programming errors. Defects in the implementation may lead to unauthorized access and security breaches. To reveal access control defects, this paper presents a model-based approach to automated generation of executable access control tests using predicate/transition nets. Role-permission test models are built by integrating declarative access control rules with functional test models or contracts (preconditions and postconditions) of the associated activities (the system functions). The access control tests are generated automatically from the test models to exercise the interactions of access control activities. They are transformed into executable code through a model-implementation mapping that maps the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages. The full model-based testing process has been applied to three systems implemented in Java. The effectiveness is evaluated through mutation analysis of role-based access control rules. The experiments show that the model-based approach is highly effective in detecting the seeded access control defects.

Peer Reviewed
Coverage-based Test Cases Selection for XACML Policies
Bertolino, Antonia; Le Traon, Yves UL; Lonetti, Francesca et al

in IEEE International Conference on Software Testing Verification and Validation Workshops (2014)

XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and manually checking the correct response. It is therefore important to reduce the manual test effort by automatically selecting the most important requests to be tested. This paper introduces the XACML smart coverage selection approach, based on a proposed XACML policy coverage criterion. The approach is evaluated using mutation analysis and is compared on the one side with a not-reduced test suite, on the other with random and greedy optimal test selection approaches. We performed the evaluation on a set of six real-world policies. The results show that our selection approach can reach good mutation scores, while significantly reducing the number of tests to be run.

A Toolchain for Model-Based Design and Testing of Access Control Systems
Daoudagh, Said; El Kateb, Donia UL; Lonetti, Francesca et al

in MODELSWARD 2015 (2014)

In access control systems, aimed at regulating the accesses to protected data and resources, a critical component is the Policy Decision Point (PDP), which grants or denies the access according to the defined policies. Due to the complexity of the standard language, it is recommended to rely on model-driven approaches, which make it possible to overcome difficulties in the XACML policy definition. We provide in this paper a toolchain that involves a model-driven approach to specify and generate XACML policies and also enables automated testing of the PDP component. We use XACML-based testing strategies for generating appropriate test cases which are able to validate the functional aspects, constraints, permissions and prohibitions of the PDP. An experimental assessment of the toolchain and its use on a realistic case study are also presented.

Peer Reviewed
Access Control Enforcement Testing
El Kateb, Donia; ElRakaiby, Yehia; Mouelhi, Tejeddine et al

in Abstract book of 2013 8TH INTERNATIONAL WORKSHOP ON AUTOMATION OF SOFTWARE TEST (AST) (2013)

A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are modules that intercept subjects' access requests and enforce the access decision reached by a Policy Decision Point (PDP), the module implementing the access decision logic. In applications, PEPs are generally implemented manually, which can introduce errors in policy enforcement and lead to security vulnerabilities. In this paper, we propose an approach to systematically test and validate the correct enforcement of access control policies in a given target application. More specifically, we rely on a two-fold approach where a static analysis of the target application is first made to identify the sensitive accesses that could be regulated by the policy. The dynamic analysis of the application is then conducted using mutation to verify for every sensitive access whether the policy is correctly enforced. The dynamic analysis of the application also gives the exact location of the PEP to enable fixing enforcement errors detected by the analysis. The approach has been validated using a case study implementing an access control policy.
