We describe the formalization of a correctness proof for a conflict detection algorithm for firewalls in the Coq Proof Assistant. First, we give formal definitions in Coq of a firewall access rule and of an access request to a firewall. Formally, two rules are in conflict if there exists a request on which one rule would allow access and the other would deny it. We express our algorithm in Coq, and prove that it finds all conflicts in a set of rules. We obtain an OCaml version of the algorithm by direct program extraction. The extracted program has successfully been applied to firewall specifications with over 200,000 rules.
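The conflict definition above (two rules conflict exactly when some request is allowed by one and denied by the other) can be checked constructively. The following is an added Python example, not the paper's Coq development or its extracted OCaml: it assumes a simplified rule model in which each rule is a product of integer intervals over source address, destination address, destination port and protocol, so two match sets overlap iff every per-field intersection is non-empty, and the lower corner of that overlap is a concrete witness request. The rule set is constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional, Tuple

Interval = Tuple[int, int]  # inclusive (low, high)

ANY_PORT: Interval = (0, 65535)
ANY_PROTO: Interval = (0, 255)
TCP: Interval = (6, 6)
UDP: Interval = (17, 17)


def cidr(text: str) -> Interval:
    """Convert a CIDR block to an inclusive integer address interval."""
    net = ipaddress.ip_network(text, strict=False)
    return (int(net.network_address), int(net.broadcast_address))


def ip_int(text: str) -> int:
    """Integer form of a single IPv4 address (used to build requests)."""
    return int(ipaddress.ip_address(text))


@dataclass(frozen=True)
class Rule:
    name: str
    src: Interval
    dst: Interval
    dport: Interval
    proto: Interval
    action: str  # "allow" or "deny"


@dataclass(frozen=True)
class Request:
    src: int
    dst: int
    dport: int
    proto: int


def matches(rule: Rule, req: Request) -> bool:
    """A rule applies to a request when every field lies inside the rule's interval."""
    return (rule.src[0] <= req.src <= rule.src[1]
            and rule.dst[0] <= req.dst <= rule.dst[1]
            and rule.dport[0] <= req.dport <= rule.dport[1]
            and rule.proto[0] <= req.proto <= rule.proto[1])


def intersect(a: Interval, b: Interval) -> Optional[Interval]:
    """Intersection of two inclusive intervals, or None if they are disjoint."""
    low, high = max(a[0], b[0]), min(a[1], b[1])
    return (low, high) if low <= high else None


def witness(r1: Rule, r2: Rule) -> Optional[Request]:
    """Return a request on which r1 and r2 disagree, or None if none exists.

    The match set of an interval rule is a box, so the two boxes overlap iff
    each per-field intersection is non-empty; the lower corner of the overlap
    is then a request matched by both rules.
    """
    if r1.action == r2.action:
        return None
    fields = [intersect(getattr(r1, f), getattr(r2, f))
              for f in ("src", "dst", "dport", "proto")]
    if any(f is None for f in fields):
        return None
    return Request(*(f[0] for f in fields))


def find_conflicts(rules: List[Rule]) -> List[Tuple[str, str, Request]]:
    """All conflicting pairs, each with a witness request, in input order."""
    conflicts = []
    for r1, r2 in combinations(rules, 2):
        req = witness(r1, r2)
        if req is not None:
            # The witness must be matched by both rules and decided differently;
            # this is the property the paper's proof establishes for its algorithm.
            assert matches(r1, req) and matches(r2, req) and r1.action != r2.action
            conflicts.append((r1.name, r2.name, req))
    return conflicts


# Constructed sample rule set (not from the paper).
SAMPLE_RULES = [
    Rule("r1", cidr("10.0.0.0/8"), cidr("192.168.1.0/24"), (443, 443), TCP, "allow"),
    Rule("r2", cidr("10.1.0.0/16"), cidr("0.0.0.0/0"), (1, 1024), ANY_PROTO, "deny"),
    Rule("r3", cidr("0.0.0.0/0"), cidr("10.2.0.0/16"), (22, 22), TCP, "allow"),
    Rule("r4", cidr("172.16.0.0/12"), cidr("0.0.0.0/0"), ANY_PORT, ANY_PROTO, "deny"),
]

if __name__ == "__main__":
    for a, b, req in find_conflicts(SAMPLE_RULES):
        print(f"{a} vs {b}: disagree on src={ipaddress.ip_address(req.src)} "
              f"dst={ipaddress.ip_address(req.dst)} dport={req.dport} proto={req.proto}")
```

On the sample set the pairs (r1, r2), (r2, r3) and (r3, r4) are reported; r1 and r3 both allow and r1 and r4 have disjoint source ranges, so neither pair conflicts. The pairwise scan is quadratic, which is why the paper's claim of handling 200,000 rules in the extracted program is notable.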
This paper presents a new approach to test the performance of protocol, service, or application implementations (IUT) under normal and overload situations, to identify performance levels of the IUT for ranges of parameter settings, and to assess the measured performance. A performance test precisely describes the configuration of the IUT, the configuration of the network, and the load characteristics (the so-called performance test configuration). PerfTTCN, an extension of TTCN with notions of time, measurements, and performance, is a formalism for describing performance tests in an understandable, unambiguous and reusable way, with the benefit of making test results comparable.

Motivation

Different approaches for guaranteeing the end user certain levels of QoS have been developed, since non-functional aspects, in particular Quality-of-Service (QoS) aspects of distributed telecommunication services (e.g. multimedia collaboration, tele-teaching, etc.), are as important as functional aspects. They include approaches for QoS negotiation between peer users, service providers and network providers, QoS guarantees for communication services, and QoS monitoring and management including self-adapting applications.

This proposal considers QoS in the area of testing. In general, testing is a method to check whether an implementation meets certain requirements that are described in a specification. QoS testing checks the end-to-end quality of a service implementation against its QoS requirements. A specific class of QoS is performance-oriented QoS, which includes delays (e.g. of a response), throughputs (e.g. for bulk data), and rates (e.g. of errors). We concentrate exclusively on performance-oriented QoS; other classes of QoS are out of scope.
Subsequently, we use the term performance instead of QoS, and consequently performance testing instead of QoS testing.

One of the well-established methods in testing is conformance testing, which is used to check that an implementation meets its functional requirements. Since conformance testing is aimed purely at checking the functional behaviour of system implementations, it lacks concepts of time and performance. Timers are the only way to require that test events occur within certain time periods; they are used to determine whether test events occur too early, too late, or not at all.

While traditionally the temporal ordering and type of PDUs/ASPs have been the main target of conformance testing, we attempt here to introduce performance measurements and Quality of Service (QoS) requirements into conformance testing. Performance measurements in a network traditionally consist in sending time-stamped packets through a network and recording delays and throughput. Once such data has been collected, a number of statistics can be computed and displayed. However, these statistics can sometimes be meaningless when the actual conditions under which the measurements were performed are unknown. Different strategies can be used to...

1. Guest researcher from the University of Ottawa, Canada
Ideally, access control to resources in complex IT systems ought to be handled by the business decision makers who own a given resource (e.g., the pay and benefits section of an organization should decide and manage the access rules to the payroll system). To make this happen, the security and database communities need to develop vendor-independent access management tools that are usable by decision makers, rather than by technical personnel detached from a given business function. We have developed and implemented such a tool, based on XACML. XACML is an important emerging standard for managing complex access control applications. As a formal notation, based on an XML schema representing the grammar of a given application, XACML is precise and unambiguous. But this very property puts it out of reach of non-technical users. We propose a new notation for displaying and editing XACML rules that is independent of XML, and we develop an editor for it. Our notation combines a tree representation of logical expressions with an accessible natural language layer. Our early experience indicates that such rules can be grasped by non-technical users wishing to develop and control rules for accessing their own resources.
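To make the idea of a tree of logical expressions with a natural-language layer concrete, here is an added Python example; it is not the paper's editor or notation and does not reproduce the XACML grammar. It assumes a simplified condition language (attribute equality at the leaves, all-of / any-of / not at inner nodes), a rule with an effect and a target resource, and a payroll rule constructed for the example. The same tree is both evaluated against requests and rendered as indented English, one node per line.

```python
from dataclasses import dataclass
from typing import Dict, Tuple, Union


@dataclass(frozen=True)
class Is:
    """Leaf node: an attribute of the request equals a value."""
    attribute: str
    value: str


@dataclass(frozen=True)
class AllOf:
    """Inner node: conjunction of its children."""
    children: Tuple["Node", ...]


@dataclass(frozen=True)
class AnyOf:
    """Inner node: disjunction of its children."""
    children: Tuple["Node", ...]


@dataclass(frozen=True)
class Not:
    """Inner node: negation of its single child."""
    child: "Node"


Node = Union[Is, AllOf, AnyOf, Not]


@dataclass(frozen=True)
class Rule:
    effect: str      # "permit" or "deny"
    resource: str    # the resource this rule governs
    condition: Node  # tree of logical expressions


def evaluate(node: Node, request: Dict[str, str]) -> bool:
    """Evaluate the condition tree against a request given as attribute -> value."""
    if isinstance(node, Is):
        return request.get(node.attribute) == node.value
    if isinstance(node, AllOf):
        return all(evaluate(c, request) for c in node.children)
    if isinstance(node, AnyOf):
        return any(evaluate(c, request) for c in node.children)
    if isinstance(node, Not):
        return not evaluate(node.child, request)
    raise TypeError(f"unknown node {node!r}")


def render(node: Node, depth: int = 0) -> str:
    """Natural-language layer: the same tree as indented English, one node per line."""
    pad = "  " * depth
    if isinstance(node, Is):
        return f"{pad}- the requester's {node.attribute} is '{node.value}'"
    if isinstance(node, Not):
        return f"{pad}- it is not the case that:\n" + render(node.child, depth + 1)
    label = "all of the following hold:" if isinstance(node, AllOf) else "any of the following holds:"
    return "\n".join([f"{pad}- {label}"] + [render(c, depth + 1) for c in node.children])


def describe(rule: Rule) -> str:
    """Full rule as text a non-technical resource owner can read."""
    return f"{rule.effect} access to '{rule.resource}' when:\n" + render(rule.condition, 1)


def decide(rule: Rule, request: Dict[str, str]) -> str:
    """The rule's effect when it applies to the request, else 'not applicable'."""
    if request.get("resource") != rule.resource:
        return "not applicable"
    return rule.effect if evaluate(rule.condition, request) else "not applicable"


# Constructed sample rule (not from the paper): payroll clerks in the pay and
# benefits section, unless terminated, or any HR administrator, may use payroll.
PAYROLL_RULE = Rule(
    "permit",
    "payroll-system",
    AnyOf((
        AllOf((
            Is("role", "payroll-clerk"),
            Is("department", "pay-and-benefits"),
            Not(Is("employment", "terminated")),
        )),
        Is("role", "hr-admin"),
    )),
)

if __name__ == "__main__":
    print(describe(PAYROLL_RULE))
    print(decide(PAYROLL_RULE, {"resource": "payroll-system", "role": "hr-admin"}))
```

Because rendering and evaluation walk the same tree, what the owner reads is exactly what the decision point enforces, which is the property a human-readable layer over a formal notation needs in order to be trusted.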