Testing security policies: Going beyond functional testing

Proceedings - International Symposium on Software Reliability Engineering, ISSRE

Volumn , Issue , 2007, Pages 93-102

  Le Traon, Yves ^a   Mouelhi, Tejeddine ^a   Baudry, Benoit ^b  

^a ECOLE DES MINES DE NANTES   (France)

^b CAMPUS DE BEAULIEU   (France)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SOFTWARE SELECTION AND EVALUATION; MECHANISMS; QUALITY ASSURANCE; RELIABILITY; SECURITY SYSTEMS; SOFTWARE RELIABILITY; TECHNICAL PRESENTATIONS; TESTING;

CASE STUDIES; FUNCTIONAL TESTING; FUNCTIONAL TESTING (FT); INTERNATIONAL SYMPOSIUM; MUTATION ANALYSIS; MUTATION OPERATORS; SECURITY MECHANISMS; SECURITY POLICIES; SOFTWARE RELIABILITY ENGINEERING; STRONGLY CONNECTED; SYSTEM FUNCTIONALITIES; TEST CASES; TEST SELECTION; TESTING FUNCTIONS;

PUBLIC POLICY;

EID: 47349131989     PISSN: 10719458     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISSRE.2007.29     Document Type: Conference Paper

References (15)

1. D. F. Ferraiolo, et al., Proposed NIST standard for role-based access control ACM Transactions on Information and System Security, 2001. 4(3): p. 224-274.
2. S. I. Gavrila and J.F. Barkley. Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management, in Third ACM Workshop on Role-Based Access Control. 1996.
3. R. Sandhu, E.J.C., H. L. Feinstein, and C.E. Youman, Role-based access control models. IEEE Computer, 1996. 29(2): p. 38-47.
4. A. Abou El Kalam, et al., Organization Based Access Control, in IEEE 4th International Workshop on Policies for Distributed Systems and Networks. 2003.
5. F. Cuppens, N. Cuppens-Boulahia, and M.B. Ghorbel. High-level conflict management strategies in advanced access control models. in Workshop on Information and Computer Security (ICS'06). 2006.
6. DeMillo, R., R. Lipton, and F. Sayward, Hints on Test Data Selection : Help For The Practicing Programmer. IEEE Computer, 1978. 11(4): p. 34-41.
7. Basin, D., J. Doser, and T. Lodderstedt. Model driven security: From UML models to access control infrastructures, in ACM Transactions on Software Engineering and Methodology (TOSEM). 2006
8. Briand, L. and Y. Labiche, A UML-based approach to System Testing. Software and Systems Modeling, 2002. 1(1): p. 10 - 42.
9. Nebut, C., et al., Automatic Test Generation: A Use Case Driven Approach. IEEE Transactions on Software Engineering, 2006.
10. Tejeddine Mouelhi, Yves Le Traon, and B. Baudry, Mutation analysis for security tests qualification, in Mutation'07 workshop. 2007.
11. Van Lamsweerden, A. Elaborating Security Requirements by Construction of Intentional Anti-Models, in Proceedings of the 26th International Conference on Software Engineering. 2004.
12. Martin, E. and T. Xie. A Fault Model and Mutation Testing of Access Control Policies. in International Conference on World Wide Web. 2007.
13. Ammar Masood, Arif Ghafoor, and A. Mathur, Scalable and Effective Test Generation for Access Control Systems that Employ RBAC Policies. 2006.
14. Du, W. and A.P. Mathur. Testing for Software Vulnerability Using Environment Perturbation, in International Conference on Dependable Systems and Networks. 2000.
15. Ghosh, A., T. O'Connor, and G. McGraw, An automated approach for identifying potential vulnerabilities in software, in IEEE Symposium on Security and Privacy. 1998.