Sciweavers

ICST
2008
IEEE

Model-Based Tests for Access Control Policies

14 years 6 months ago
Model-Based Tests for Access Control Policies
We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model— and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.
Alexander Pretschner, Tejeddine Mouelhi, Yves Le T
Added 31 May 2010
Updated 31 May 2010
Type Conference
Year 2008
Where ICST
Authors Alexander Pretschner, Tejeddine Mouelhi, Yves Le Traon
Comments (0)