• Title of article

    Similarity testing for access control

  • Author/Authors

    Bertolino، نويسنده , , Antonia and Daoudagh، نويسنده , , Said and El Kateb، نويسنده , , Donia and Henard، نويسنده , , Christopher and Le Traon، نويسنده , , Yves and Lonetti، نويسنده , , Francesca Maria Marchetti، نويسنده , , Eda and Mouelhi، نويسنده , , Tejeddine and Papadakis، نويسنده , , Mike، نويسنده ,

  • Issue Information
    ماهنامه با شماره پیاپی سال 2015
  • Pages
    18
  • From page
    355
  • To page
    372
  • Abstract
    AbstractContext control is among the most important security mechanisms, and XACML is the de facto standard for specifying, storing and deploying access control policies. Since it is critical that enforced policies are correct, policy testing must be performed in an effective way to identify potential security flaws and bugs. In practice, exhaustive testing is impossible due to budget constraints. Therefore the tests need to be prioritized so that resources are focused on their most relevant subset. ive aper tackles the issue of access control test prioritization. It proposes a new approach for access control test prioritization that relies on similarity. proach has been applied to several policies and the results have been compared to random prioritization (as a baseline). To assess the different prioritization criteria, we use mutation analysis and compute the mutation scores reached by each criterion. This helps assessing the rate of fault detection. s pirical results indicate that our proposed approach is effective and its rate of fault detection is higher than that of random prioritization. sion clude that prioritization of access control test cases can be usefully based on similarity criteria.
  • Keywords
    Similarity , Test prioritization , Security policies
  • Journal title
    Information and Software Technology
  • Serial Year
    2015
  • Journal title
    Information and Software Technology
  • Record number

    2375405