Model-Based Tests for Access Control Policies

Abstract : We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies- i.e., the model and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodol- ogy applies to arbitrary implementations of the policy decision points
Document type :
Conference papers
Complete list of metadatas

Cited literature [16 references]  Display  Hide  Download

https://hal.inria.fr/inria-00456952
Contributor : Didier Vojtisek <>
Submitted on : Tuesday, February 16, 2010 - 10:42:46 AM
Last modification on : Tuesday, March 5, 2019 - 9:30:10 AM
Long-term archiving on : Friday, June 18, 2010 - 9:01:11 PM

File

mouelhi08a.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : inria-00456952, version 1

Citation

Alexander Pretschner, Tejeddine Mouelhi, Yves Le Traon. Model-Based Tests for Access Control Policies. ICST 2008 : First IEEE International Conference on Software, Testing, Verification and Validation, April 9-11, Lillehammer, Norway, RSM - Dépt. Réseaux, Sécurité et Multimédia (Institut TELECOM ; TELECOM Bretagne), ETH - Eidgenössische Technische Hochschule Zürich (ETH Zurich), 2008, Lillehammer, Norway. ⟨inria-00456952⟩

Share

Metrics

Record views

441

Files downloads

418