Name
Abstract | ||
|---|---|---|
Access control policies are usually specified by the XACML language. However, policy definition could be an error prone process, because of the many constraints and rules that have to be specified. In order to increase the confidence on defined XACML policies, an accurate testing activity could be a valid solution. The typical policy testing is performed by deriving specific test cases, i.e. XACML requests, that are executed by means of a PDP implementation, so to evidence possible security lacks or problems. Thus the fault detection effectiveness of derived test suite is a fundamental property. To evaluate the performance of the applied test strategy and consequently of the test suite, a commonly adopted methodology is using mutation testing. In this paper, we propose two different methodologies for deriving XACML requests, that are defined independently from the policy under test. The proposals exploit the values of the XACML policy for better customizing the generated requests and providing a more effective test suite. The proposed methodologies have been compared in terms of their fault detection effectiveness by the application of mutation testing on a set of real policies. |
Year | DOI | Venue |
|---|---|---|
2012 | 10.1109/ICST.2012.185 | ICST |
Keywords | Field | DocType |
boolean function,testing,access control,test strategy,mutation testing,authorisation,boolean functions,xml,fault detection,test suite | Test suite,Data mining,Software engineering,XML,Computer science,Fault detection and isolation,Exploit,XACML,Access control,Test case,Test strategy,Reliability engineering | Conference |
Citations | PageRank | References |
20 | 0.86 | 10 |
Authors | ||
4 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Antonia Bertolino | 1 | 1961 | 140.25 |
| Said Daoudagh | 2 | 99 | 11.31 |
| Francesca Lonetti | 3 | 279 | 29.13 |
| Eda Marchetti | 4 | 392 | 41.68 |