Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICST
2008
IEEE
2008
IEEE
Test-Driven Assessment of Access Control in Legacy Applications
If access control policy decision points are not neatly separated from the business logic of a system, the evolution of a security policy likely leads to the necessity of changing the system’s code base. This is often the case with legacy systems. We present a testdriven methodology to assess the flexibility of a system, a property that describes the degree of coupling between the access control logic and the business logic of a system. A low flexibility indicates that a modification of the policy will lead to substantial changes of the code. In this paper, we analyze the notion of flexibility which is related to the presence of hidden and implicit security mechanisms in the business logic. We detail how testing can be used for detecting such mechanisms and how it may drive the incremental evolution of a security policy. We use several case studies to illustrate and validate the methodology.
Real-time TrafficRelated Content
| Added | 31 May 2010 |
| Updated | 31 May 2010 |
| Type | Conference |
| Year | 2008 |
| Where | ICST |
| Authors | Yves Le Traon, Tejeddine Mouelhi, Alexander Pretschner, Benoit Baudry |
Comments (0)
Researcher Info
|
