Test-driven assessment of access control in legacy applications

Proceedings of the 1st International Conference on Software Testing, Verification and Validation, ICST 2008

Volumn , Issue , 2008, Pages 238-247

  Le Traon, Yves ^a   Mouelhi, Tejeddine ^a   Pretschner, Alexander ^b   Baudry, Benoit ^c  

^a ECOLE DES MINES DE NANTES   (France)

^b ETH ZURICH   (Switzerland)

^c CAMPUS DE BEAULIEU   (France)

Author keywords

[No Author keywords available]

Indexed keywords

ADMINISTRATIVE DATA PROCESSING; CODES (SYMBOLS); COMPUTER NETWORKS; COMPUTER SOFTWARE SELECTION AND EVALUATION; COMPUTER SYSTEMS; LEGACY SYSTEMS; MANAGEMENT INFORMATION SYSTEMS; MECHANISMS; PUBLIC POLICY; SECURITY SYSTEMS; VERIFICATION;

BUSINESS LOGICS; INTERNATIONAL CONFERENCES; SOFTWARE TESTING;

ACCESS CONTROL;

EID: 50649103518     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICST.2008.60     Document Type: Conference Paper

References (14)

1. D. F. Ferraiolo, et al., Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 2001. 4(3): p. 224-274.
2. S. I. Gavrila and J.F. Barkley. Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. in Third ACM Workshop on Role-Based Access Control. 1996.
3. R. Sandhu, E.J.C., H. L. Feinstein, and C.E. Youman, Role-based access control models. IEEE Computer, 1996. 29(2): p. 38-47.
4. A. Abou El Kalam, et al., Organization Based Access Control, in IEEE 4th International Workshop on Policies for Distributed Systems and Networks. 2003.
5. F. Cuppens, N. Cuppens-Boulahia, and M.B. Ghorbel. High-level conflict management strategies in advanced access control models. in Workshop on Information and Computer Security (ICS'06). 2006.
6. Basin, D., J. Doser, and T. Lodderstedt. Model driven security: From UML models to access control infrastructures. in ACM Transactions on Software Engineering and Methodology (TOSEM). 2006
7. T. Mouelhi, Y. Le Traon, and B. Baudry, Mutation analysis for security tests qualification, in Mutation'07 workshop. 2007.
8. T. Mouelhi, Y. Le Traon, and B. Baudry, Testing security policies: going beyond functional testing, in International Symposium on Software Reliability Engineering. 2007.
9. Briand, L. and Y. Labiche, A UML-based approach to System Testing. Software and Systems Modeling, 2002. 1(1): p. 10 - 42.
10. Martin, E. and T. Xie. Inferring Access-Control Policy Properties via Machine Learning. in 7th IEEE Workshop on Policies for Distributed Systems and Networks 2006.
11. Devanbu, P.T. and S. Stubblebine. Software engineering for security: a roadmap. in International Conference on Software Engineering. 2000.
12. A. Pretschner, T. Mouelhi, and Y. Le Traon, Model-Based Tests for Access Control Policies, in International Conference on Software Testing Verification and Validation. 2008.
13. B. Baudry, F. Fleurey, Y. Le Traon, and J.-M. Jézéquel. Automatic Test Cases Optimization using a Bacteriological Adaptation Model: Application to .NET Components. in ASE'02 (Automated Software Engineering). 2002. Edimburgh, Scotland, UK: IEEE Computer Society Press, Los Alamitos, CA, USA.
14. B. Baudry, F. Fleurey, Y. Le Traon, and J.-M. Jézéquel., From Genetic to Bacteriological Algorithms for Mutation-Based Testing. Software Testing, Verification and Reliability, 2005. 15(1): p. 73-96.