2014 SEVENTH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS (ICSTW 2014)
7th IEEE International Conference on Software Testing, Verification and Validation (ICST)
MAR 31-APR 04, 2014
IEEE Comp Soc, IEEE, ABB
[en] coverage criterion ; test selection ; XACML based access control systems ; Access control policies ; Coverage criteria ; Critical tasks ; De facto standard ; Mutation analysis ; Mutation score ; Test selection ; XACML policies
[en] XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and checking manually the correct response. It is therefore important to reduce the manual test effort by automatically selecting the most important requests to be tested. This paper introduces the XACML smart coverage selection approach, based on a proposed XACML policy coverage criterion. The approach is evaluated using mutation analysis and is compared on the one side with a not-reduced test suite, on the other with random and greedy optimal test selection approaches. We performed the evaluation on a set of six real world policies. The results show that our selection approach can reach good mutation scores, while significantly reducing the number of tests to be run.