Paper published in a journal (Scientific congresses, symposiums and conference proceedings)
A Model-Based Approach to Automated Testing of Access Control Policies
Xu, Dianxiang; Thomas, Lijo; Kent, Michael et al.
2012In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, p. 100-110
Peer reviewed
 

Files


Full Text
sacmat11-xu.pdf
Author postprint (612.57 kB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
Access control; Model-based testing; Mutation analysis; Petri nets; Software testing
Abstract :
[en] Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.
Disciplines :
Computer science
Identifiers :
UNILU:UL-CONFERENCE-2012-121
Author, co-author :
Xu, Dianxiang;  National Center for the Protection of the Financial Infrastructure, Dakota State University Madison, USA
Thomas, Lijo ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Kent, Michael
Mouelhi, Tejeddine ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Le Traon, Yves ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
yes
Language :
English
Title :
A Model-Based Approach to Automated Testing of Access Control Policies
Publication date :
2012
Event name :
17th ACM Symposium on Access Control Models and Technologies (SACMAT 2012)
Event place :
Newark, United States - New Jersey
Event date :
20-22 June 2012
Audience :
International
Journal title :
Proceedings of the 17th ACM Symposium on Access Control Models and Technologies
Pages :
100-110
Peer reviewed :
Peer reviewed
Available on ORBilu :
since 03 April 2016

Statistics


Number of views
104 (0 by Unilu)
Number of downloads
340 (5 by Unilu)

Scopus citations®
 
31
Scopus citations®
without self-citations
23
OpenCitations
 
19

Bibliography


Similar publications



Contact ORBilu