Reference : A Model-Based Approach to Automated Testing of Access Control Policies
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/26425
A Model-Based Approach to Automated Testing of Access Control Policies
English
Xu, Dianxiang [National Center for the Protection of the Financial Infrastructure, Dakota State University Madison, USA]
Thomas, Lijo [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC); University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Kent, Michael
Mouelhi, Tejeddine [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Le Traon, Yves [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
2012
Proceedings of the 17th ACM Symposium on Access Control Models and Technologies
100-110
Yes
International
17th ACM Symposium on Access Control Models and Technologies (SACMAT 2012)
20-22 June 2012
Newark
NJ
[en] Access control ; Model-based testing ; Mutation analysis ; Petri nets ; Software testing
[en] Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.

File(s) associated to this reference

Fulltext file(s):

File: sacmat11-xu.pdf
Commentary: No commentary
Version: Author postprint
Size: 598.21 kB
Access: Open access


All documents in ORBilu are protected by a user license.