Testing Delegation Policy Enforcement via Mutation Analysis

Delegation is an important dimension of security that plays a crucial role in the administration mechanism of access control policies. Delegation may be viewed as an exception made to an access control policy in which a user gets right to act on behalf of other users. This meta-level characteristic together with the complexity of delegation itself make it crucial to ensure the correct enforcement and management of delegation policy in a system via testing. To this end, we adopt mutation analysis for delegation policies. In order to achieve this, a set of mutant operators specially designed for introducing mutants into the key components (features) of delegation is proposed. Our approach consists of analyzing the representation of the key components of delegation, based on which we derive the suggested set of mutant operators. These operators can then be used to introduce mutants into delegation policies and thus, enable mutation testing. A demonstration of the proposed approach on a model-driven adaptive delegation implementation of a library management system is also provided.