A fault model and mutation testing of access control policies

Martin, Evan; Xie, Tao

doi:10.1145/1242572.1242663

Cited by 127 publications

(152 citation statements)

References 26 publications

Supporting

Mentioning

151

Contrasting

Unclassified

Order By: Relevance

“…For lack of space we do not provide a description beyond their name in the table, and refer to the respective sources for more information. Specifically, PSTT, PSTF, PTT, PTF, RTT, RTF, RCT, RCF, CPC, CRC and CRE have been introduced in [13]), RTT, ANR, and RER in [14], and the remaining ones in [12]. Relying on a more powerful tool than those used so far in literature increases the reliability of the fault detection effectiveness results obtained by our experiment and contributes to depict more realistic situations.…”

Section: B Experiments Setupmentioning

confidence: 85%

“…To evaluate the effectiveness of the generated test suites, mutation analysis has been applied on access control policies [13], [14], [12]. The work of [13] has been the first attempt to define a fault model for access control policies and a set of mutation operators manipulating the predicates and logical constructs of target and condition elements of an XACML policy.…”

Section: Related Workmentioning

confidence: 99%

“…The work of [13] has been the first attempt to define a fault model for access control policies and a set of mutation operators manipulating the predicates and logical constructs of target and condition elements of an XACML policy. The authors of [14] extend the mutation operators in [13], focusing on the use of a metamodel that allows to simulate the faults in the security models independently from the used role-based formalism (R-BAC or OrBAC). Finally, the work in [12] includes and enhances the mutation operators of [13] and [14] providing the XACMUT tool adopted in this paper.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Coverage-Based Test Cases Selection for XACML Policies

Bertolino

Traon²,

Lonetti

et al. 2014

2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops

View full text Add to dashboard Cite

Abstract-XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and checking manually the correct response. It is therefore important to reduce the manual test effort by automatically selecting the most important requests to be tested. This paper introduces the XACML smart coverage selection approach, based on a proposed XACML policy coverage criterion. The approach is evaluated using mutation analysis and is compared on the one side with a not-reduced test suite, on the other with random and greedy optimal test selection approaches. We performed the evaluation on a set of six real world policies. The results show that our selection approach can reach good mutation scores, while significantly reducing the number of tests to be run.

show abstract

Section: B Experiments Setupmentioning

confidence: 85%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Coverage-Based Test Cases Selection for XACML Policies

Bertolino

Traon²,

Lonetti

et al. 2014

2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops

View full text Add to dashboard Cite

show abstract

“…(2) If CurrentNode is in a test sequence that has children with an OR relationship, we create the same number of sequences as children of the CurrentNode and replace CurrentNode in each of these sequences with one of the children of the OR relationship. Then, delete the original sequence containing CurrentNode (lines [24][25][26][27][28][29][30][31][32][33][34][35]. The set of test sequences that remains after the substitutions is the final set of test sequences used for test generation.…”

Section: Test Sequence Generation Algorithmmentioning

confidence: 99%

A threat model‐based approach to security testing

Marback

et al. 2012

Softw Pract Exp

View full text Add to dashboard Cite

SUMMARYSoftware security issues have been a major concern in the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Threat modeling provides a systematic way to identify threats that might compromise security, and it has been a well-accepted practice by the industry, but test case generation from threat models has not been addressed yet. Thus, in this paper, we propose a threat model-based security testing approach that automatically generates security test sequences from threat trees and transforms them into executable tests. The security testing approach we consider consists of three activities in large: building threat models with threat trees; generating security test sequences from threat trees; and creating executable test cases by considering valid and invalid inputs. To support our approach, we implemented security test generation techniques, and we also conducted an empirical study to assess the effectiveness of our approach. The results of our study show that our threat tree-based approach is effective in exposing vulnerabilities.

show abstract

“…The work is based on a fault model [13], a structural coverage measurement tool for defining policy coverage metrics [15] and a test generator [14], developed by two of the authors in their former work. In [16] De Angelis et al discuss access policy testing as a vital function of the trust network, in which users and service providers interact.…”

Section: Testingmentioning

confidence: 99%

A Formal Equivalence Classes Based Method for Security Policy Conformance Checking

Hermann

Litschauer

Fuß

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Different security policy models have been developed and published in the past. Proven security policy models, if correctly implemented, guarantee the protection of data objects from unauthorized access or usage or prevent an illegal information flow. To verify that a security policy model has been correctly implemented, it is important to define and execute an exhaustive list of test cases, which verify that the formal security policy neither has been over-constrained nor underconstrained. In this paper we present a method for defining an exhaustive list of test cases, based on formally described equivalence classes that are derived from the formal security policy description.

show abstract

A fault model and mutation testing of access control policies

Cited by 127 publications

References 26 publications

Coverage-Based Test Cases Selection for XACML Policies

Coverage-Based Test Cases Selection for XACML Policies

A threat model‐based approach to security testing

A Formal Equivalence Classes Based Method for Security Policy Conformance Checking

Contact Info

Product

Resources

About