Model-based tests for access control policies 1

Alexander Pretschner; Tejeddine Mouelhi; Yves Le Traon

doi:10.1109/ICST.2008.44

Model-based tests for access control policies 1

Alexander Pretschner, Tejeddine Mouelhi, Yves Le Traon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

70 Scopus citations

Abstract

We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies - i.e., the model - and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.

Original language	English
Title of host publication	Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008
Pages	338-347
Number of pages	10
DOIs	https://doi.org/10.1109/ICST.2008.44
State	Published - 2008
Externally published	Yes
Event	1st International Conference on Software Testing, Verification and Validation, ICST 2008 - Lillehammer, Norway Duration: 9 Apr 2008 → 11 Apr 2008

Publication series

Name	Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008

Conference

Conference	1st International Conference on Software Testing, Verification and Validation, ICST 2008
Country/Territory	Norway
City	Lillehammer
Period	9/04/08 → 11/04/08

Access to Document

10.1109/ICST.2008.44

Cite this

Pretschner, A., Mouelhi, T., & Le Traon, Y. (2008). Model-based tests for access control policies 1. In Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008 (pp. 338-347). Article 4539561 (Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008). https://doi.org/10.1109/ICST.2008.44

@inproceedings{2c06f1b71e454e0ea14900092da3cb57,

title = "Model-based tests for access control policies 1",

abstract = "We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies - i.e., the model - and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.",

author = "Alexander Pretschner and Tejeddine Mouelhi and {Le Traon}, Yves",

year = "2008",

doi = "10.1109/ICST.2008.44",

language = "English",

isbn = "076953127X",

series = "Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008",

pages = "338--347",

booktitle = "Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008",

note = "1st International Conference on Software Testing, Verification and Validation, ICST 2008 ; Conference date: 09-04-2008 Through 11-04-2008",

}

Pretschner, A, Mouelhi, T & Le Traon, Y 2008, Model-based tests for access control policies 1. in Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008., 4539561, Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008, pp. 338-347, 1st International Conference on Software Testing, Verification and Validation, ICST 2008, Lillehammer, Norway, 9/04/08. https://doi.org/10.1109/ICST.2008.44

Model-based tests for access control policies 1. / Pretschner, Alexander; Mouelhi, Tejeddine; Le Traon, Yves.
Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008. 2008. p. 338-347 4539561 (Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Model-based tests for access control policies 1

AU - Pretschner, Alexander

AU - Mouelhi, Tejeddine

AU - Le Traon, Yves

PY - 2008

Y1 - 2008

N2 - We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies - i.e., the model - and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.

AB - We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies - i.e., the model - and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.

UR - http://www.scopus.com/inward/record.url?scp=50649102597&partnerID=8YFLogxK

U2 - 10.1109/ICST.2008.44

DO - 10.1109/ICST.2008.44

M3 - Conference contribution

AN - SCOPUS:50649102597

SN - 076953127X

SN - 9780769531274

T3 - Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008

SP - 338

EP - 347

BT - Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008

T2 - 1st International Conference on Software Testing, Verification and Validation, ICST 2008

Y2 - 9 April 2008 through 11 April 2008

ER -

Model-based tests for access control policies 1

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this