Model-Based Tests for Access Control Policies
- 1 April 2008
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 338-347
- https://doi.org/10.1109/icst.2008.44
Abstract
We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies (i.e., the model) and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.