Title :
Model-Based Tests for Access Control Policies
Author :
Pretschner, Alexander ; Mouelhi, Tejeddine ; Le Traon, Yves
Author_Institution :
ETH Zurich, Zurich
Abstract :
We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies-i.e., the model- and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.
Keywords :
access control; combinatorial mathematics; testing; access control policies; combinatorial testing; model-based tests; policy decision points; random tests; Access control; Application software; Automatic testing; Data security; Genetic mutations; Internet; Logic; Performance evaluation; Software testing; System testing; Access Control; Combinatorial Testing; Model-Based Testing; Mutation Testing;
Conference_Titel :
Software Testing, Verification, and Validation, 2008 1st International Conference on
Conference_Location :
Lillehammer
Print_ISBN :
978-0-7695-3127-4
DOI :
10.1109/ICST.2008.44
