An automatic test case generator for evaluating implementation of access control policies
Author(s):
Abstract:
One of the main requirements for providing software security is the enforcement of access control policies, which is sometimes referred to as the heart of security. The main purpose of access control policies is to protect resources of the system against unauthorized accesses. Any error in the implementation of access control policies may lead to undesirable outcomes. Hence, we should ensure that these policies are properly implemented. For testing the implementation of access control policies, it is desired to use automated methods. In fact, these methods are faster and more reliable solutions for assessment of the software systems. Although several researches are conducted for automated testing of the specification of access control policies at the design phase, there is not enough research on testing their implementation. In addition, since access control is amongst non-functional requirements of the system, it is not easy to test them along with other requirements of the system by usual methods. To address this challenge, in this paper, we propose an automated method for testing the implementation of access control in a system. This method, as a model based technique, is able to extract test cases for evaluating the access control policies of the system under test. To generate test cases automatically, a combination of behavior model of the system and the specification of access control policies that is written in XACML, are used. The experimental results show that the proposed approach is able to kill the mutants and cover most of the code that is related to access control policies.
Keywords:
Language:
English
Published:
International Journal of Information Security, Volume:9 Issue: 1, Jan 2017
Pages:
73 to 91
https://magiran.com/p1681282
سامانه نویسندگان
مقالات دیگری از این نویسنده (گان)
-
Enhancing Urban Sustainability through Air Pollution Analysis and Accessibility Estimation: A Case Study of Tehran Metropolis
Amir Ghahremanlou, Mahmoud Saffarzadeh *, Ali Naderan, Hassan Javanshir
Journal of New Researches in the Smart City, -
CST-SDL: A Scenario Description Language for Collaborative Security Training in Cyber Ranges
Navid Shirmohammadi, *
International Journal of Information Security, Jan 2025 -
Presenting an Algebraic Method for Optimally Locating Counter Sensors on a Traffic Network for Estimating the OD Matrix
Navid Hosseini Taleghani, Seyed Ehsan Seyedabrishami *, Mahmoud Saffarzadeh
International Journal of Transportation Engineering, Winter 2025 -
Intelligent Automation of Scenario Execution in Cyber Ranges Using Machine Learning Techniques
Farnoosh Karimi, *, Behrouz Shahgholi Ghahfarokhi
Journal Monadi for Cyberspace Security (AFTA),