[en] Delegation is an important dimension of security that plays a crucial role in the administration mechanism of access control policies. Delegation may be viewed as an exception made to an access control policy in which a user gets right to act on behalf of other users. This meta-level characteristic together with the complexity of delegation itself make it crucial to ensure the correct enforcement and management of delegation policy in a system via testing. To this end, we adopt mutation analysis for delegation policies. In order to achieve this, a set of mutant operators specially designed for introducing mutants into the key components (features) of delegation is proposed. Our approach consists of analyzing the representation of the key components of delegation, based on which we derive the suggested set of mutant operators. These operators can then be used to introduce mutants into delegation policies and thus, enable mutation testing. A demonstration of the proposed approach on a model-driven adaptive delegation implementation of a library management system is also provided.
Centre de recherche :
Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Disciplines :
Sciences informatiques
Auteur, co-auteur :
NGUYEN, Phu Hong ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
PAPADAKIS, Mike ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
RUBAB, Iram ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)
Langue du document :
Anglais
Titre :
Testing Delegation Policy Enforcement via Mutation Analysis
Date de publication/diffusion :
mars 2013
Nom de la manifestation :
IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), 2013
