Reference : Model-Based Testing of Obligations
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Model-Based Testing of Obligations
Rubab, Iram [Univ Luxembourg, Snt Ctr Secur Reliabil & Trust, Luxembourg, Luxembourg.]
Ali, Shaukat [Certus Software V&V Ctr, Simula Res Lab, Lysaker, Norway.]
Briand, Lionel mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) >]
Le Traon, Yves mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
14th Annual International Conference on Quality Software (QSIC)
Ieee Computer Soc
Los Alamitos
14th Annual International Conference on Quality Software (QSIC)
OCT 02-03, 2014
IEEE Reliabil Soc, UT Dallas, IEEE Comp Soc
[en] Obligations ; Access control policy ; UML profile ; UML class diagram ; UML state machines ; Model based testing
[en] Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach is often recommended. One such approach is Model-Based Testing (MBT) that allows defining cost-effective testing strategies to support rigorous testing via automation. In this paper, we present MBT for obligations by extending the Unified Modeling Language (UML) via a profile called the Obligations Profile. Based on the profile, we define a modeling methodology utilizing the concepts of Obligations Class Diagrams (OCDs) and Obligations State Machines (OSMs), which are standard UML Class Diagrams and UML State Machines with stereotypes from the Obligations Profile. Our methodology, using OCDs and OSMs, is automatically enforced by the validation of constraints defined in the profile. To assess the completeness and applicability of the profile and methodology, we modeled 47 obligations from four different systems. The results of our case study show that we successfully modeled all the obligations and used 75% of the stereotypes that we defined in the profile. In addition, using OCDs and OSMs, we automatically generate executable test cases using a standard state machine structural coverage criterion and common test data generation strategies. The effectiveness of generated test cases is assessed using mutation analysis on two systems, using mutation operators specifically designed for obligation faults. Test case execution killed 75% of the mutants and a careful analysis further suggests that more sophisticated testing strategies must be defined to further improve testing effectiveness.

File(s) associated to this reference

Fulltext file(s):

Open access
Model-Based Testing of Obligations.pdfPublisher postprint515.06 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.