References of "Thomas, Lijo 30000674"
Peer Reviewed
A Model-Based Approach to Automated Testing of Access Control Policies
Xu, Dianxiang; Thomas, Lijo UL; Kent, Michael et al

in Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (2012)

Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.
