Systematic XACML request generation for testing purposes

Proceedings - 36th EUROMICRO Conference on Software Engineering and Advanced Applications, SEAA 2010

Volumn , Issue , 2010, Pages 3-11

  Bertolino, Antonia ^a   Lonetti, Francesca ^a   Marchetti, Eda ^a  

^a ISTI CNR   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL POLICIES; FAULT DETECTION EFFECTIVENESS; POLICY EVALUATION; SECURITY MECHANISM; TEST INPUTS;

FAULT DETECTION; SECURITY SYSTEMS; SOFTWARE ENGINEERING;

ACCESS CONTROL;

EID: 78449304326     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SEAA.2010.58     Document Type: Conference Paper

References (18)

1. A. Bertolino, J. Gao, E. Marchetti, and A. Polini. Automatic test data generation for XML schema-based partition testing. In Proc. of AST, May 2007.
2. A. Bertolino, J. Gao, E. Marchetti, and A. Polini. TAXI - A Tool for XML-Based Testing. In Proc. of ICSE Companion, pages 53-54, 2007.
3. D. M. Cohen, S. R. Dalal, M. L. Fredman, and G. C. Patton. The AETG system: An approach to testing based on combinatiorial design. IEEE Trans. on Soft. Eng., 23(7):437-444, July 1997.
4. R. DeMillo, R. Lipton, and F. Sayward. Hints on test data selection: Help for the practicing programmer. Computer, 11(4):34-41, 1978.
5. K. Fisler, S. Krishnamurthi, L. Meyerovich, and M. Tschantz. Verification and change-impact analysis of access-control policies. In Proc. of ICSE, pages 196-205, 2005.
6. Y. Le Traon, T. Mouelhi, A. Pretschner, and B. Baudry. Test- Driven Assessment of Access Control in Legacy Applications. In Proc. of ICST, pages 238-247, April 2008.
7. K. Li, L. Mounier, and R. Groz. Test generation from security policies specified in or-BAC. In Proc. of COMPSAC, pages 255-260, 2007.
8. N. Li, J. Hwang, and T. Xie. Multiple-implementation testing for XACML implementations. In Proc. of TAV-WEB, pages 27-33, 2008.
9. W. Mallouli, J. Orset, A. Cavalli, N. Cuppens, and F. Cuppens. A formal approach for testing security rules. In Proc. of ACMT, page 132, 2007.
10. E. Martin and T. Xie. Automated test generation for access control policies. In Supplemental Proc. of ISSRE, November 2006.
11. E. Martin and T. Xie. Automated test generation for access control policies via change-impact analysis. In Proc. of SESS, pages 5-11, May 2007.
12. E. Martin and T. Xie. A fault model and mutation testing of access control policies. In Proc. of WWW, pages 667-676, May 2007.
13. A. Masood, A. Ghafoor, and A. Mathur. Test Generation for Access Control Systems that Employ RBAC Policies. Technical report, SERC-TR-283, Purdue University, 2005.
14. OASIS. eXtensible Access Control Markup Language (XACML) Version 1.0. http://www.oasisopen.org/committees/xacml/, February 2003.
15. T. J. Ostrand and M. J. Balcer. The category-partition method for specifying and generating functional tests. Commun. ACM, 31(6):676-686, 1988.
16. A. Pretschner, T. Mouelhi, and Y. Le Traon. Model-based tests for access control policies. In Proc. of ICST, pages 338-347, April 2008.
17. Sun Microsystems. Sun's XACML Implementation. http://sunxacml. sourceforge.net/, 2006.
18. Y. Traon, T. Mouelhi, and B. Baudry. Testing security policies: going beyond functional testing. In Proc. of ISSRE, pages 93-102, November 2007.