Title :
Automated Test Generation for Access Control Policies via Change-Impact Analysis
Author :
Martin, Evan ; Xie, Tao
Author_Institution :
North Carolina State Univ., Raleigh
Abstract :
Access control policies are increasingly written in specification languages such as XACML. To increase confidence in the correctness of specified policies, policy developers can conduct policy testing with some typical test inputs (in the form of requests) and check test outputs (in the form of responses) against expected ones. Unfortunately, manual test generation is tedious and manually generated tests are often not sufficient to exercise various policy behaviors. In this paper we present a novel framework and its supporting tool called Cirg that generates tests based on change- impact analysis. Our experimental results show that Cirg can effectively generate tests to achieve high structural coverage of policies and outperforms random test generation in terms of structural coverage and fault-detection capability.
Keywords :
authorisation; program testing; access control policies; automated test generation; change-impact analysis; fault-detection capability; manual test generation; policy developers; policy testing; random test generation; specification languages; structural coverage; Access control; Automatic testing; Computer errors; Control systems; Resource management; Software engineering; Software systems; Software testing; Specification languages;
Conference_Titel :
Software Engineering for Secure Systems, 2007. SESS '07: ICSE Workshops 2007. Third International Workshop on
Conference_Location :
Minneapolis, MN
Print_ISBN :
0-7695-2952-6
DOI :
10.1109/SESS.2007.5
