Reference : Testing Delegation Policy Enforcement via Mutation Analysis
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/10114
Testing Delegation Policy Enforcement via Mutation Analysis
English
Nguyen, Phu Hong mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Papadakis, Mike mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Rubab, Iram mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC) >]
Mar-2013
7th International Workshop on Mutation Analysis
IEEE
34-42
Yes
No
International
978-1-4799-1324-4
IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), 2013
from 18-03-2013 to 22-03-2013
ICST
Luxembourg
Luxembourg
[en] Access Control ; Delegation ; Mutation Analysis ; Security Testing ; Model-Driven Security
[en] Delegation is an important dimension of security that plays a crucial role in the administration mechanism of access control policies. Delegation may be viewed as an exception made to an access control policy in which a user gets right to act on behalf of other users. This meta-level characteristic together with the complexity of delegation itself make it crucial to ensure the correct enforcement and management of delegation policy in a system via testing. To this end, we adopt mutation analysis for delegation policies. In order to achieve this, a set of mutant operators specially designed for introducing mutants into the key components (features) of delegation is proposed. Our approach consists of analyzing the representation of the key components of delegation, based on which we derive the suggested set of mutant operators. These operators can then be used to introduce mutants into delegation policies and thus, enable mutation testing. A demonstration of the proposed approach on a model-driven adaptive delegation implementation of a library management system is also provided.
Interdisciplinary Centre for Security, Reliability and Trust (SnT)
The National Research Fund of Luxembourg (FNR)
Researchers ; Professionals ; Students ; General public
http://hdl.handle.net/10993/10114
10.1109/ICSTW.2013.12
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6571606&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6571606

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Limited access
TestingDelegationPolicyViaMutationAnalysis-CamReady.pdfPublisher postprint1.21 MBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.