Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Model-Based Testing of Obligations
Rubab, Iram; Ali, Shaukat; Briand, Lionel et al.
2014In 14th Annual International Conference on Quality Software (QSIC)
Peer reviewed


Full Text
Model-Based Testing of Obligations.pdf
Publisher postprint (527.42 kB)

All documents in ORBilu are protected by a user license.

Send to


Keywords :
Obligations; Access control policy; UML profile; UML class diagram; UML state machines; Model based testing
Abstract :
[en] Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach is often recommended. One such approach is Model-Based Testing (MBT) that allows defining cost-effective testing strategies to support rigorous testing via automation. In this paper, we present MBT for obligations by extending the Unified Modeling Language (UML) via a profile called the Obligations Profile. Based on the profile, we define a modeling methodology utilizing the concepts of Obligations Class Diagrams (OCDs) and Obligations State Machines (OSMs), which are standard UML Class Diagrams and UML State Machines with stereotypes from the Obligations Profile. Our methodology, using OCDs and OSMs, is automatically enforced by the validation of constraints defined in the profile. To assess the completeness and applicability of the profile and methodology, we modeled 47 obligations from four different systems. The results of our case study show that we successfully modeled all the obligations and used 75% of the stereotypes that we defined in the profile. In addition, using OCDs and OSMs, we automatically generate executable test cases using a standard state machine structural coverage criterion and common test data generation strategies. The effectiveness of generated test cases is assessed using mutation analysis on two systems, using mutation operators specifically designed for obligation faults. Test case execution killed 75% of the mutants and a careful analysis further suggests that more sophisticated testing strategies must be defined to further improve testing effectiveness.
Disciplines :
Computer science
Author, co-author :
Rubab, Iram;  Univ Luxembourg, Snt Ctr Secur Reliabil & Trust, Luxembourg, Luxembourg.
Ali, Shaukat;  Certus Software V&V Ctr, Simula Res Lab, Lysaker, Norway.
Briand, Lionel ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Le Traon, Yves ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
Title :
Model-Based Testing of Obligations
Publication date :
Event name :
14th Annual International Conference on Quality Software (QSIC)
Event organizer :
IEEE Reliabil Soc, UT Dallas, IEEE Comp Soc
Event place :
Dallas, United States - Texas
Event date :
OCT 02-03, 2014
Audience :
Main work title :
14th Annual International Conference on Quality Software (QSIC)
Publisher :
Ieee Computer Soc, Los Alamitos, Unknown/unspecified
Pages :
Peer reviewed :
Peer reviewed
Commentary :
Available on ORBilu :
since 09 April 2016


Number of views
175 (1 by Unilu)
Number of downloads
229 (1 by Unilu)

Scopus citations®
Scopus citations®
without self-citations
WoS citations


Similar publications

Contact ORBilu