Transforming and selecting functional test cases for security policy testing

Proceedings - 2nd International Conference on Software Testing, Verification, and Validation, ICST 2009

Volumn , Issue , 2009, Pages 171-180

  Mouelhi, Tejeddine ^a   Traon, Yves Le ^a   Baudry, Benoit ^b  

^a UNIVERSITÉ EUROPÉENNE DE BRETAGNE   (France)

^b CAMPUS DE BEAULIEU   (France)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL LOGIC; BUSINESS LOGIC; EMPIRICAL CASE STUDIES; ERROR PRONE; FUNCTIONAL TEST; INDEPENDENT COMPONENTS; JAVA PROGRAM; MANUAL ADAPTATION; NEW APPROACHES; POLICY DECISION POINTS; PROOF OF CONCEPT; SECURITY MECHANISM; SECURITY POLICY; TEST CASE; TYPICAL APPLICATION;

COMPUTER SOFTWARE SELECTION AND EVALUATION; JAVA PROGRAMMING LANGUAGE; SECURITY SYSTEMS; SOFTWARE TESTING; TESTING; VERIFICATION;

ACCESS CONTROL;

EID: 67650163992     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICST.2009.49     Document Type: Conference Paper

References (21)

1. Fabio Martinelli, Paolo Mori, Thomas Quillinan, and Christian Schaefer, A Runtime Monitoring Environment for Mobile Java, in (secTest2008) 1st International ICST workshop on Security Testing 2008.
2. A. Abou El Kalam, et al., Organization Based Access Control, in IEEE 4th International Workshop on Policies for Distributed Systems and Networks. 2003.
3. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 2001. 4(3): p. 224-274.
4. Y. Le Traon, T. Mouelhi, and B. Baudry, Testing security policies : going beyond functional testing, in ISSRE'07 : The 18th IEEE International Symposium on Software Reliability Engineering. 2007.
5. T. Mouelhi, F. Fleurey, B. Baudry, and Y. Le Traon, A model-based framework for security policy specification, deployment and testing, in MODELS 2008. 2008.
6. Y. Le Traon, T. Mouelhi, A. Pretschner, and B. Baudry, Test-Driven Assessment of Access Control in Legacy Applications, in ICST 2008: First IEEE International Conference on Software, Testing, Verification and Validation. 2008.
7. J. M. Voas, PIE : A Dynamic Failure-Based Technique. IEEE Transactions on Software Engineering, 1992. 18(8): p. 717 - 727.
8. T. Mouelhi, B.Baudry, and F. Fleurey, A Generic Metamodel For Security Policies Mutation, in SecTest 08: 1st International ICST workshop on Security Testing. 2008.
9. T. Mouelhi, Y. Le Traon, and B. Baudry, Mutation analysis for security tests qualification, in Mutation'07 : third workshop on mutation analysis in conjuction with TAIC-Part. 2007.
10. R. DeMillo, R. Lipton, and F. Sayward, Hints on Test Data Selection : Help For The Practicing Programmer. IEEE Computer, 1978. 11(4): p. 34 - 41.
11. E. Martin and T. Xie. A Fault Model and Mutation Testing of Access Control Policies. in Proceedings of the 16th International Conference on World Wide Web. 2007.
12. Clémentine Nebut, Franck Fleurey, Yves Le Traon, and Jean-Marc Jézéquel, Automatic Test Generation: A Use Case Driven Approach. IEEE Transactions on Software Engineering, 2006.
13. E. Martin and T. Xie., Automated Test Generation for Access Control Policies via Change-Impact Analysis, in Proceedings of the 3rd International Workshop on Software Engineering for Secure Systems. 2007.
14. Vincent C. Hu, E. Martin, J. Hwang, and T. Xie. Conformance Checking of Access Control Policies Specified in XACML. in Proceedings of the 1st IEEE International Workshop on Security in Software Engineering. 2007.
15. A. Masood, A. Ghafoor, and A. Mathur, Technical report: Scalable and Effective Test Generation for Access Control Systems that Employ RBAC Policies. 2005.
16. K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz. Verification and change-impact analysis of access-control policies. in ICSE. 2005.
17. E. Martin and T. Xie. Automated Test Generation for Access Control Policies via Change-Impact Analysis. in Proceedings of the 3rd International Workshop on Software Engineering for Secure Systems. 2007.
18. G. Al-Hayek, Y. Le Traon, and C. Robach, Impact of system partitioning on test cost. IEEE Design & Test of Computers, 1997. 14(1): p. 64-74.
19. A. Pretschner, T. Mouelhi, and Y. Le Traon, Model-Based Tests for Access Control Policies, in ICST 2008. 2008.
20. B. Baudry, Franck Fleurey, Jean-Marc Jézéquel, and Yves Le Traon. Automatic Test Cases Optimization using a Bacteriological Adaptation Model: Application to .NET Components. in ASE'02, 2002 Edimburgh, Scotland, UK: IEEE Computer Society Press, Los Alamitos, CA, USA.
21. B. Baudry, Franck Fleurey, Jean-Marc Jézéquel, and Yves Le Traon, From Genetic to Bacteriological Algorithms for Mutation-Based Testing. Software Testing, Verification and Reliability, 2005. 15(1): p. 73-96.