Model-Based Tests for Access Control Policies

13 years 11 months ago

Download www.inf.ethz.ch

We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model— and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.

Alexander Pretschner, Tejeddine Mouelhi, Yves Le T

Real-time Traffic

Access Control | ICST 2008 | Random Tests | Software Engineering | Testing Access Control |

claim paper

» A fault model and mutation testing of access control policies

» Conformance Checking of Access Control Policies Specified in XACML

» TestDriven Assessment of Access Control in Legacy Applications

» Term Rewriting for Access Control

» Exploring reactive access control

» Verifying resource access control on mobile interactive devices

» Formalisation and implementation of Access control models

» Using trust and risk in rolebased access control policies

Post Info
More Details (n/a)

Added	31 May 2010
Updated	31 May 2010
Type	Conference
Year	2008
Where	ICST
Authors	Alexander Pretschner, Tejeddine Mouelhi, Yves Le Traon

Comments (0)

Sciweavers

Model-Based Tests for Access Control Policies

Access Control | ICST 2008 | Random Tests | Software Engineering | Testing Access Control |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers