References of "marchetti, eda"
Similarity testing for access control
Bertolino, Antonia; Daoudagh, Said; El Kateb, Donia UL et al

in Information and Software Technology (2014)

A Toolchain for Model-Based Design and Testing of Access Control Systems
Daoudagh, Said; El Kateb, Donia UL; Lonetti, Francesca et al

in MODELSWARD 2015 (2014)

In access control systems, aimed at regulating the accesses to protected data and resources, a critical component is the Policy Decision Point (PDP), which grants or denies the access according to the defined policies. Due to the complexity of the standard language, it is recommended to rely on model-driven approaches which make it possible to overcome difficulties in the XACML policy definition. We provide in this paper a toolchain that involves a model-driven approach to specify and generate XACML policies and also enables automated testing of the PDP component. We use XACML-based testing strategies for generating appropriate test cases which are able to validate the functional aspects, constraints, permissions and prohibitions of the PDP. An experimental assessment of the toolchain and its use on a realistic case study are also presented.

Peer Reviewed
Coverage-based Test Cases Selection for XACML Policies
Bertolino, Antonia; Le Traon, Yves UL; Lonetti, Francesca et al

in IEEE International Conference on Software Testing Verification and Validation Workshops (2014)

XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and manually checking the correct response. It is therefore important to reduce the manual test effort by automatically selecting the most important requests to be tested. This paper introduces the XACML smart coverage selection approach, based on a proposed XACML policy coverage criterion. The approach is evaluated using mutation analysis and is compared on the one side with a non-reduced test suite, on the other with random and greedy optimal test selection approaches. We performed the evaluation on a set of six real-world policies. The results show that our selection approach can reach good mutation scores, while significantly reducing the number of tests to be run.
