Title :
Mutation Analysis for Security Tests Qualification
Author :
Mouelhi, Tejeddine ; Le Traon, Yves ; Baudry, Benoit
Author_Institution :
GET ENST-Bretagne, Cesson-Sevigne
Abstract :
In this paper, we study how mutation analysis can be adapted to qualify test cases aiming at testing a security policy. The objective is to make test cases efficient to reveal erroneous implementations of a security policy. The notion of security policy testing is studied and mutation operators are defined in relation to the security rules. To make the approach applicable in practice, we discuss and empirically rank the security mutation operators from the most to the least difficult to kill. The empirical study is a library software, which is implemented with a typical 3-tier architecture.
Keywords :
authorisation; library automation; program testing; LMS system software; access control test case qualification; library management system; security mutation operators; security policy testing; Access control; Books; Computer architecture; Data security; Genetic mutations; Least squares approximation; Permission; Qualifications; Software libraries; System testing;
Conference_Title :
Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION, 2007. TAICPART-MUTATION 2007
Conference_Location :
Windsor
Print_ISBN :
978-0-7695-2984-4
DOI :
10.1109/TAIC.PART.2007.21