Paper published in a journal (Colloquia, congresses, scientific conferences and proceedings)
A Model-Based Approach to Automated Testing of Access Control Policies
Xu, Dianxiang; THOMAS, Lijo; Kent, Michael et al.
2012. In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, p. 100-110
Peer reviewed
 

Documents

Full text
sacmat11-xu.pdf
Author postprint (612.57 kB)

Details

Keywords:
Access control; Model-based testing; Mutation analysis; Petri nets; Software testing
Abstract:
[en] Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.
Disciplines:
Computer science
Identifiers:
UNILU:UL-CONFERENCE-2012-121
Author, co-author:
Xu, Dianxiang;  National Center for the Protection of the Financial Infrastructure, Dakota State University Madison, USA
THOMAS, Lijo ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Kent, Michael
MOUELHI, Tejeddine ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
LE TRAON, Yves ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors:
yes
Document language:
English
Title:
A Model-Based Approach to Automated Testing of Access Control Policies
Publication/release date:
2012
Event name:
17th ACM Symposium on Access Control Models and Technologies (SACMAT 2012)
Event place:
Newark, United States - New Jersey
Event date:
20-22 June 2012
Event scope:
International
Journal title:
Proceedings of the 17th ACM Symposium on Access Control Models and Technologies
Pages:
100-110
Peer reviewed:
Peer reviewed
Available on ORBilu:
since 03 April 2016

Statistics

Number of views: 107 (of which 0 Unilu)
Number of downloads: 345 (of which 5 Unilu)

Scopus® citations: 31
Scopus® citations without self-citations: 23
OpenCitations: 19
