Communication publiée dans un périodique (Colloques, congrès, conférences scientifiques et actes)
Testing Obligation Policy Enforcement using Mutation Analysis
EL RAKAIBY, Yehia; MOUELHI, Tejeddine; LE TRAON, Yves
2012 • In Proceedings of the 7th International Workshop on Mutation Analysis (associated to the Fifth International Conference on Software Testing, Verification, and Validation, ICST 2012), p. 100-110
Access control policies; Application codes; Java program; Key elements; Minimal errors; Mutation analysis; Mutation operators; Mutation process; Policy enforcement; Policy management; Test case; Test selection; Usage control
Résumé :
[en] The support of obligations with access control policies allows the expression of more sophisticated requirements such as usage control, availability and privacy. In order to enable the use of these policies, it is crucial to ensure their correct enforcement and management in the system. For this reason, this paper introduces a set of mutation operators for obligation policies. The paper first identifies key elements in obligation policy management, then presents mutation operators which injects minimal errors which affect these aspects. Test cases are qualified w.r.t. their ability in detecting problems, simulated by mutation, in the interactions between policy management and the application code. The use of policy mutants as substitutes for real flaws enables a first investigation of testing obligation policies in a system. We validate our work by providing an implementation of the mutation process: the experiments conducted on a Java program provide insights for improving test selection.
Disciplines :
Sciences informatiques
Identifiants :
UNILU:UL-CONFERENCE-2012-122
Auteur, co-auteur :
EL RAKAIBY, Yehia ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
MOUELHI, Tejeddine ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
LE TRAON, Yves ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Co-auteurs externes :
yes
Langue du document :
Anglais
Titre :
Testing Obligation Policy Enforcement using Mutation Analysis
Date de publication/diffusion :
2012
Nom de la manifestation :
MUTATION'12, 7th International workshop on mutation analysis
Lieu de la manifestation :
Montreal, QC, Canada
Date de la manifestation :
17 April 2012
Manifestation à portée :
International
Titre du périodique :
Proceedings of the 7th International Workshop on Mutation Analysis (associated to the Fifth International Conference on Software Testing, Verification, and Validation, ICST 2012)
