Model-Based Tests for Access Control Policies

We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies-i.e., the model- and assess the effectiveness of the test suites by means of mutation testing. We also compare...

Full description

Saved in:
Bibliographic Details
Main Authors: Pretschner, A., Mouelhi, T., Le Traon, Y.
Format: Conference Proceeding
Language:English
Subjects:
Access control
Application software
Automatic testing
Combinatorial Testing
Data security
Genetic mutations
Internet
Logic
Model-Based Testing
Mutation Testing
Performance evaluation
Software testing
System testing
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies-i.e., the model- and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.
ISSN:2159-4848
2771-3091
DOI:10.1109/ICST.2008.44