Model-Based Tests for Access Control Policies

We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies-i.e., the model- and assess the effectiveness of the test suites by means of mutation testing. We also compare...

Full description

Saved in:
Bibliographic Details
Main Authors: Pretschner, A., Mouelhi, T., Le Traon, Y.
Format: Conference Proceeding
Language:English
Subjects:
Access control
Application software
Automatic testing
Combinatorial Testing
Data security
Genetic mutations
Internet
Logic
Model-Based Testing
Mutation Testing
Performance evaluation
Software testing
System testing
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 347
container_issue
container_start_page 338
container_title
container_volume
creator Pretschner, A.
Mouelhi, T.
Le Traon, Y.
description We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies-i.e., the model- and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.
doi_str_mv 10.1109/ICST.2008.44
format conference_proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_4539561</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>4539561</ieee_id><sourcerecordid>4539561</sourcerecordid><originalsourceid>FETCH-LOGICAL-i584-aeec1e49d4f54500f267159802ddec1c4fd8a55993273ea4d447c09bedb4b5d53</originalsourceid><addsrcrecordid>eNotjstKxDAUQIMPcBi7c-emP5B6k9zbJMux-BgYUbD7IU1uIVKtNLPx7y3o6iwOHI4QNwoapcDf7bv3vtEArkE8ExttrZIGvDoXlbcObOvJKG3xYnWKvESH7kpUpXwAgPKtBTIbIV_mxJO8D4VT3XM5lXqcl3oXI5dSd_PXaZmn-m2ecsxcrsXlGKbC1T-3on986LtneXh92ne7g8zkUAbmqBh9wpGQAEbd2vXAgU5pNRHH5AKR90ZbwwEToo3gB04DDpTIbMXtXzYz8_F7yZ9h-TkiGU-tMr-LakM_</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Model-Based Tests for Access Control Policies</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Pretschner, A. ; Mouelhi, T. ; Le Traon, Y.</creator><creatorcontrib>Pretschner, A. ; Mouelhi, T. ; Le Traon, Y.</creatorcontrib><description>We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies-i.e., the model- and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.</description><identifier>ISSN: 2159-4848</identifier><identifier>ISBN: 9780769531274</identifier><identifier>ISBN: 076953127X</identifier><identifier>EISSN: 2771-3091</identifier><identifier>DOI: 10.1109/ICST.2008.44</identifier><language>eng</language><publisher>IEEE</publisher><subject>Access control ; Application software ; Automatic testing ; Combinatorial Testing ; Data security ; Genetic mutations ; Internet ; Logic ; Model-Based Testing ; Mutation Testing ; Performance evaluation ; Software testing ; System testing</subject><ispartof>2008 1st International Conference on Software Testing, Verification, and Validation, 2008, p.338-347</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/4539561$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2058,27925,54555,54920,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/4539561$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Pretschner, A.</creatorcontrib><creatorcontrib>Mouelhi, T.</creatorcontrib><creatorcontrib>Le Traon, Y.</creatorcontrib><title>Model-Based Tests for Access Control Policies</title><title>2008 1st International Conference on Software Testing, Verification, and Validation</title><addtitle>ICST</addtitle><description>We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies-i.e., the model- and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.</description><subject>Access control</subject><subject>Application software</subject><subject>Automatic testing</subject><subject>Combinatorial Testing</subject><subject>Data security</subject><subject>Genetic mutations</subject><subject>Internet</subject><subject>Logic</subject><subject>Model-Based Testing</subject><subject>Mutation Testing</subject><subject>Performance evaluation</subject><subject>Software testing</subject><subject>System testing</subject><issn>2159-4848</issn><issn>2771-3091</issn><isbn>9780769531274</isbn><isbn>076953127X</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2008</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotjstKxDAUQIMPcBi7c-emP5B6k9zbJMux-BgYUbD7IU1uIVKtNLPx7y3o6iwOHI4QNwoapcDf7bv3vtEArkE8ExttrZIGvDoXlbcObOvJKG3xYnWKvESH7kpUpXwAgPKtBTIbIV_mxJO8D4VT3XM5lXqcl3oXI5dSd_PXaZmn-m2ecsxcrsXlGKbC1T-3on986LtneXh92ne7g8zkUAbmqBh9wpGQAEbd2vXAgU5pNRHH5AKR90ZbwwEToo3gB04DDpTIbMXtXzYz8_F7yZ9h-TkiGU-tMr-LakM_</recordid><startdate>200804</startdate><enddate>200804</enddate><creator>Pretschner, A.</creator><creator>Mouelhi, T.</creator><creator>Le Traon, Y.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>200804</creationdate><title>Model-Based Tests for Access Control Policies</title><author>Pretschner, A. ; Mouelhi, T. ; Le Traon, Y.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i584-aeec1e49d4f54500f267159802ddec1c4fd8a55993273ea4d447c09bedb4b5d53</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2008</creationdate><topic>Access control</topic><topic>Application software</topic><topic>Automatic testing</topic><topic>Combinatorial Testing</topic><topic>Data security</topic><topic>Genetic mutations</topic><topic>Internet</topic><topic>Logic</topic><topic>Model-Based Testing</topic><topic>Mutation Testing</topic><topic>Performance evaluation</topic><topic>Software testing</topic><topic>System testing</topic><toplevel>online_resources</toplevel><creatorcontrib>Pretschner, A.</creatorcontrib><creatorcontrib>Mouelhi, T.</creatorcontrib><creatorcontrib>Le Traon, Y.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Xplore</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Pretschner, A.</au><au>Mouelhi, T.</au><au>Le Traon, Y.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Model-Based Tests for Access Control Policies</atitle><btitle>2008 1st International Conference on Software Testing, Verification, and Validation</btitle><stitle>ICST</stitle><date>2008-04</date><risdate>2008</risdate><spage>338</spage><epage>347</epage><pages>338-347</pages><issn>2159-4848</issn><eissn>2771-3091</eissn><isbn>9780769531274</isbn><isbn>076953127X</isbn><abstract>We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies-i.e., the model- and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.</abstract><pub>IEEE</pub><doi>10.1109/ICST.2008.44</doi><tpages>10</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 2159-4848
ispartof 2008 1st International Conference on Software Testing, Verification, and Validation, 2008, p.338-347
issn 2159-4848
2771-3091
language eng
recordid cdi_ieee_primary_4539561
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Access control
Application software
Automatic testing
Combinatorial Testing
Data security
Genetic mutations
Internet
Logic
Model-Based Testing
Mutation Testing
Performance evaluation
Software testing
System testing
title Model-Based Tests for Access Control Policies
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T23%3A14%3A05IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Model-Based%20Tests%20for%20Access%20Control%20Policies&rft.btitle=2008%201st%20International%20Conference%20on%20Software%20Testing,%20Verification,%20and%20Validation&rft.au=Pretschner,%20A.&rft.date=2008-04&rft.spage=338&rft.epage=347&rft.pages=338-347&rft.issn=2159-4848&rft.eissn=2771-3091&rft.isbn=9780769531274&rft.isbn_list=076953127X&rft_id=info:doi/10.1109/ICST.2008.44&rft_dat=%3Cieee_6IE%3E4539561%3C/ieee_6IE%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i584-aeec1e49d4f54500f267159802ddec1c4fd8a55993273ea4d447c09bedb4b5d53%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4539561&rfr_iscdi=true