ISSRE
2007
IEEE

Testing Security Policies: Going Beyond Functional Testing

While significant effort is dedicated to functional testing of systems, very few works study how to specifically test the security mechanisms that implement a security policy. This paper introduces security policy testing as a specific target for testing. We propose two strategies for producing security policy test cases, depending on whether they are built as a complement to existing functional test cases or independently of them. Indeed, any security policy is strongly connected to system functionality: testing functions includes exercising many security mechanisms. However, functional testing does not aim to put security aspects to the test. We thus propose test selection criteria to produce tests from a security policy. To quantify the effectiveness of a set of test cases at detecting security policy flaws, we adapt mutation analysis and define security policy mutation operators. A library case study, a 3-tier architecture, is used to obtain experimental trends. Results confirm that securi...
Yves Le Traon, Tejeddine Mouelhi, Benoit Baudry
Added: 26 Oct 2010
Updated: 26 Oct 2010
Type: Conference
Year: 2007
Where: ISSRE
Authors: Yves Le Traon, Tejeddine Mouelhi, Benoit Baudry