Test-Driven Assessment of Access Control in Legacy Applications

Abstract: If access control policy decision points are not neatly separated from the business logic of a system, the evolution of a security policy likely leads to the necessity of changing the system's code base. This is often the case with legacy systems. We present a test-driven methodology to assess the flexibility of a system, a property that describes the degree of coupling between the access control logic and the business logic of a system. A low flexibility indicates that a modification of the policy will lead to substantial changes of the code. In this paper, we analyze the notion of flexibility which is related to the presence of hidden and implicit security mechanisms in the business logic. We detail how testing can be used for detecting such mechanisms and how it may drive the incremental evolution of a security policy. We use several case studies to illustrate and validate the methodology.
Document type:
Conference paper
ICST 2008 : First IEEE International Conference on Software, Testing, Verification and Validation (ICST), April 9-11, Lillehammer, Norway, 2008, Lillehammer, Norway. 2008
Cited literature [13 references]

https://hal.inria.fr/inria-00456953
Contributor: Didier Vojtisek
Submitted on: Tuesday, 16 February 2010 - 10:42:47
Last modified on: Monday, 25 June 2018 - 13:18:59
Document(s) archived on: Friday, 18 June 2010 - 21:01:30

File

mouelhi08c.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: inria-00456953, version 1

Citation

Yves Le Traon, Tejeddine Mouelhi, Alexander Pretschner, Benoit Baudry. Test-Driven Assessment of Access Control in Legacy Applications. ICST 2008 : First IEEE International Conference on Software, Testing, Verification and Validation (ICST), April 9-11, Lillehammer, Norway, 2008, Lillehammer, Norway. 2008. 〈inria-00456953〉

Metrics

Record views

344

File downloads

327