List of publications of the Politess project

International Journals

• C. Constant, T. Jéron, H. Marchand, V. Rusu. Integrating formal verification and conformance testing for reactive systems. IEEE Transactions on Software Engineering,  33(8):558-574, August 2007.
• F. Cuppens and N. Cuppens-Boulahia and M. Ben Ghorbel. High-level conflict management strategies in advanced access control models. Electronic Notes in Theoretical Computer Science (ENTCS), Vol. 186, pp. 3-26, July 2007.
• F. Cuppens and N. Cuppens-Boulahia. Modeling contextual Security Policies. International Journal of Information Security, 7(4), August 2008.
• D. Abi Haidar, N. Cuppens-Boulahia, F. Cuppens, H. Debar. XeNA: An access Control Framework Using XaCML. Annals of TELECOM, October, 2008.

International Conferences

• V. Darmaillacq,J.-C. Fernandez, R. Groz, L. Mounier, J.-L. Richier. Test Generation for Network Security Rules. TestCom, p. 341-356, 2006.
• Y. Falcone, J.-C. Fernandez, L. Mounier, J.-L. Richier. A Test Calculus Framework Applied to Network Security Policies. FATES/RV, p. 55-69, 2006.
• Y. Falcone, J.-C. Fernandez, L. Mounier, J.-L. Richier. A Compositional Testing Framework Driven by Partial Specifications. TESTCOM/FATES, 2007.
• K. Li, L. Mounier, R. Groz. Test Generation from Security Policies Specified in Or-BAC. COMPSAC - IWSSE Workshop (IEEE International Workshop on Security in Software Engineering) Beijing, July 2007.
• M. Shahbaz, R. Groz. Using Invariant Detection Mechanism in Black Box Inference. ISoLA Workshop on Leveraging Applications of Formal Methods, Poitiers, December 2007.
• Y. Falcone, L. Mounier, J.-C. Fernandez, J.-L. Richier. j-POST : a Java Toolchain for Property-Oriented Software Testing. Model-Based Testing (MBT), 2008.
• V. Darmaillacq, J-L. Richier, R. Groz. Test generation and execution for security rules in temporal logic 1st IEEE Workshop on Security Testing, Lillehammer, April 2008.
• V. Darmaillacq. Security policy testing using vulnerability exploit chaining. In Proceedings of the 1st International ICST Workshop on Security Testing - Sectest'08. Lillehammer, Norway. April 9th, 2008.
• Y. Falcone, J.-C. Fernandez, L. Mounier. Synthesizing Enforcement Monitors wrt. the Safety-Progress Properties.; International Conference on Information Systems Security (ICISS), Hyderabad, (India), december, 2008.
• J. Dubreil, Ph. Darondeau, H. Marchand. Opacity Enforcing Control Synthesis. in Workshop on Discrete Event Systems, WODES'08, Gothenburg, Sweden, March 2008.
• M. Oostdijk, V. Rusu, J. Tretmans, R. de Vries, T. Willemse. Integrating verification, testing and learning for cryptographic protocols. in Integrated Formal Methods (IFM'07), 2007.
• T. Jéron, H. Marchand, S. Genc, S. Lafortune. Predictability of Sequence Patterns in Discrete Event Systems. in IFAC World Congress, Seoul, Korea, July 2008.
• T. Jéron, H. Marchand, S. Pinchinat, M-O. Cordier. Supervision Patterns in Discrete Event Systems Diagnosis. in Workshop on Discrete Event Systems, WODES'06, Ann-Arbor (MI, USA), July 2006.
• Wissam Mallouli, Jean-Marie Orset, Ana Cavalli, Nora Cuppens et Frédéric Cuppens. A Formal Approach for Testing Security Rules the 12th ACM symposium on access control models and technologies (SACMAT'07), SAP Labs, Sophia Antipolis, France, June 20-22, 2007.
• D. Abi Haidar, N. Cuppens-Boulahia, F. Cuppens, H. Debar. An extended RBAC profile for XACML. SWS'06: 3rd ACM workshop on Secure Web Services, november 3, Fairfax VA, USA, 2006, pp. 13-22.
• Frédéric Cuppens, Nora Cuppens-Boulahia et Meriam Ben Ghorbel. High level conflict management strategies in advanced access control models. Workshop on Information and Computer Security (ICS), Timisoara, Roumanie, Septembre 2006.
• Frédéric Cuppens, Nora Cuppens-Boulahia et Céline Coma. O2O: Managing Security Policy Interoperability with Virtual Private Organizations HP Open View Workshop. Presqu'ile de Gien, France. Juin 2006.
• Frédéric Cuppens, Nora Cuppens-Boulahia, Céline Coma. O2O: Virtual Private Organizations to Manage Security Policy Interoperability. ICISS 2006, Calcutta, Inde, Décembre 2006.
• D. Abi Haidar, N. Cuppens-Boulahia, F. Cuppens, H. Debar. Resource Classification Based Negotiation in Web Services. The Third International Symposium on Information Assurance and Security (IAS), Manchester, United Kingdom, August 29-31, 2007.
• J. Brunel, F. Cuppens, N. Cuppens-Boulahia, T. Sans, J.-P. Bodeveix. Security Policy Compliance with Violation Management. 5th ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code (FMSE), Alexandria, VA, USA, 2 November, 2007.
• J. G. Alfaro, F. Cuppens, and N. Cuppens-Boulahia. Aggregating and Deploying Network Access Control Policies. In 2nd International Conference on Availability, Reliability and Security (ARES 2007), April 2007.
• Céline Coma, Nora Cuppens-Boulahia, Frédéric Cuppens, Ana R. Cavalli. Context Ontology for Secure Interoperability. Third IEEE International Conference on Availability, Reliability and Security (ARES 2008), March 4-7, 2008, Barcelona, Spain.
• N. Cuppens-Boulahia, F. Cuppens, D. Abi Haidar, H. Debar. Negotiation of Prohibition: An Approach Based on Policy Rewriting. 23rd International Information Security Conference (SEC 2008). Milan, Italy. September 2008.
• B. Alcalde, and A. Cavalli. Parallel Passive Testing of System Protocols - Towards a Real-time Exhaustive Approach. ICN'06, Mauritius, June 2006.
• W. Mallouli, F. Bessayah, A. Cavalli and A. Benameur. Security Rules Specification and Analysis Based on Passive Testing. The IEEE Global Communications Conference (GLOBECOM 2008), New Orleans, USA, November 30 - December 04, 2008.
• W. Mallouli, B. Wehbi, A. Cavalli. Distributed Monitoring in Ad Hoc Networks: Conformance and Security Checking. The 7th International Conference on AD-HOC Networks & Wireless (ADHOC-Now 2008), Sophia Antipolis, France, September 10-12, 2008.
• W. Mallouli, G. Morales and A. Cavalli. Testing Security Policies for Web Applications. the 1st International ICST workshop on Security Testing (SECTEST'08), Lillehammer, Norway, April 09, 2008.
• A. R. Cavalli, E. Montes De Oca, W. Mallouli, M. Lallali. Two Complementary Tools for the Formal Testing of Distributed Systems with Time Constraints. The 12-th IEEE International Symposium on Distributed Simulation and Real Time Applications (DS-RT 2008), Vancouver, Canada, October 27-29, 2008.
• W. Mallouli, M. Lallali, G. Morales, A. R. Cavalli. Modeling and Testing Secure Web-Based Systems: Application to an Industrial Case Study. The fourth International Conference on Signal-Image technology & Internet-Based Systems (SITIS 2008), Bali, Indonesia, November 30 - December 3, 2008.
• A. Benameur, F. Abdul Kadir, S. Fenet. XML Rewriting Attacks on SOAP Messages: Existing Solutions and their Limitations. Dans IADIS Applied Computing 2008, Algarve, Portugal.
• F. Bouquet, C. Grandpierre, B. Legeard, and F. Peureux. A test generation solution to automate software testing. In AST'08, 3rd Int. workshop on Automation of Software Test, Leipzig, Germany, pages 45-48, May 2008. ACM Press.
• F. Bouquet, C. Grandpierre, B. Legeard, F. Peureux, N. Vacelet and M. Utting. A subset of precise UML for model-based testing. In A-MOST'07, 3rd int. Workshop on Advances in Model Based Testing, London, UK, pages 95-104, July 2007. ACM Press.

French Journals

• V. Darmaillacq, J.C. Fernandez, R. Groz, L. Mounier, J-L. Richier. Tester la conformité d'un réseau à une politique de sécurité. REE (Revue de l'Électricité et de l'Électronique) Juin-Juillet 2006, pp. 33-43.

French Conferences

• R. Groz, M. Shahbaz, K. Li. Une approche incrémentale de test par extraction de modèles. AFADL'07 (Approches Formelles dans l'Assistance au Développement de Logiciels, 10ème anniversaire), Namur, Juin 2007.
• Y. Falcone. Combiner Test et Monitoring pour la Sécurité. MajeSTIC, 2007.
• Y. Falcone, M. Jaber. Vers l'Intégration Automatique d'une Politique de Sécurité Or-BAC. MajeSTIC, 2007.
• J. Dubreil, T. Jéron, H. Marchand. Construction de moniteurs pour la surveillance de propriétés de sécurité. in 6ème Colloque Francophone sur la Modélisation des Systèmes Réactifs, Lyon, France, October 2007.
• Diala Abi Haidar, Nora Cuppens-Boulahia, Frédéric Cuppens et Hervé Debar. Access Negociation within XACML Architecture. The 2nd Joint Conference on Security in Network Architectures and Information Systems (SAR-SSI). Annecy, France. June 2007.
• F. Autrel, F. Cuppens, N. Cuppens-Boulahia, C. Coma. MotOrBAC 2: a security policy tool. Third Joint Conference on Security in Networks Architectures and Security of Information Systems (SARSSI). Loctudy, France, 13-17 October 2008.

Chapitre de livres

• Constant, T. Jéron, H. Marchand, V. Rusu. Validation of Reactive Systems. in Modeling and Verification of Real-TIME Systems - Formalisms and software Tools, S. Merz, N. Navet (eds.), Chapter 2, Pages 51-76, Hermès Science, January 2008.

Other publications

• Présentation du projet au colloque STIC (Lyon).
• J. Dubreil, T. Jéron, H. Marchand. Monitoring Information flow by Diagnosis Techniques. Research Report IRISA, No 1901, August 2008.
• J. Dubreil, Ph. Darondeau, H. Marchand. Opacity Enforcing Control Synthesis. Research Report IRISA, No 1887, March 2008.
• T. Jéron, H. Marchand, S. Genc, S. Lafortune. Predictability of Sequence Patterns in Discrete Event Systems. Research Report IRISA, No 1834, March 2007.
• (Conférence de vulgarisation) : présentation par Smartesting et SAP à la conférence SQC'07 sur la base de l'étude de cas du sous-projet 5.
• Bruno Legeard (Smartesting), Azzedine Benameur and Maarten Rits (SAP). Model-based testing of SAP systems. Software and Systems Quality Conferences - Zurich, Octobre 2007.
• Démonstration de MotOrBAC à SARSSI 2008.
• Présentation de OrBAC au SIB (Syndicat Inter-hospitalier de Brest).
• TAROT Summer School.
• Fêtes de la science (TMSP).
• STIC AMSUD.

Valorisation

• MotOrBAC v2 has been declared to APP with reference: IDDN.FR.001.500008.001.R.C.2006.000.10700.
• MotOrBAC v2 can be found on site www.sourceforge.org (see also OrBAC site: http://www.orbac.org)