Name
Abstract | ||
|---|---|---|
As access control with obligatory constraints is critical to assuring system accountability, research on the specification and monitoring of obligation policy has gained increasing attention. However, a correctly specified obligation policy may be implemented incorrectly for various reasons, such as programming errors. This paper presents a model-based approach to testing access control and obligation policies. We build test models of access control and obligation policies based on system functions and derive tests from the models for exercising the system implementation. As a black box technique, our approach is independent of how access control and obligation requirements are implemented in the system under test. We demonstrate our approach through the testing of a real-world online banking system, which is being used by many financial organizations. The mutation analysis indicated that our testing approach is very effective. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1109/ICCNC.2013.6504143 | ICNC |
Keywords | Field | DocType |
obligation policies,system under test,model-based testing,program testing,programming errors,bank data processing,system functions,authorisation,real-world online banking system,software testing,system accountability,financial organizations,security,black box technique,model-based approach,mutation analysis,obligation policy,access control | System under test,Obligation,Computer security,System testing,Accountability,Implementation,Model-based testing,Access control,Test strategy,Business | Conference |
ISBN | Citations | PageRank |
978-1-4673-5286-4 | 1 | 0.35 |
References | Authors | |
0 | 7 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Dianxiang Xu | 1 | 790 | 73.83 |
| Michael Sanford | 2 | 43 | 2.81 |
| Zhaoliang Liu | 3 | 1 | 0.69 |
| Spencer Johnson | 4 | 1 | 0.35 |
| Mark Emry | 5 | 1 | 0.35 |
| Brad Brockmueller | 6 | 1 | 0.35 |
| Michael To | 7 | 1 | 0.35 |