An Automatic Test Case Generator for Evaluating Implementation of Access Control Policies

Authors

M. Safarzadeh

M. Taghizadeh

B. Zamani

B. Tork Ladani

Abstract

One of the main requirements for providing software security is the enforcement of access control policies, which is sometimes referred to as the heart of security. The main purpose of access control policies is to protect the resources of the system against unauthorized access. Any error in the implementation of access control policies may lead to undesirable outcomes. Hence, we should ensure that these policies are properly implemented. For testing the implementation of access control policies, it is desirable to use automated methods. In fact, these methods are faster and more reliable solutions for assessing software systems. Although several studies have been conducted on automated testing of the specification of access control policies at the design phase, there is not enough research on testing their implementation. In addition, since access control is among the non-functional requirements of the system, it is not easy to test it along with the other requirements of the system by the usual methods. To address this challenge, in this paper we propose an automated method for testing the implementation of access control in a system. This method, as a model-based technique, is able to extract test cases for evaluating the access control policies of the system under test. To generate test cases automatically, a combination of the behavior model of the system and the specification of access control policies, written in XACML, is used. The experimental results show that the proposed approach is able to kill the mutants and cover most of the code that is related to access control policies.


Similar resources

An automatic test case generator for evaluating implementation of access control policies

One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...


Development and Implementation of an Optimized Control Strategy for Induction Machine in an Electric Vehicle

In the area of automotive engineering there is a tendency to more electrification of power train. In this work control of an induction machine for the application of electric vehicle is investigated. Through the changing operating point of the machine, adapting the rotor magnetization current seems to be useful to increase the machine's efficiency. In the literature there are many approaches wh...


Evaluating Access Control Policies Through Model Checking

We present a model-checking algorithm which can be used to evaluate access control policies, and a tool which implements it. The evaluation includes not only assessing whether the policies give legitimate users enough permissions to reach their goals, but also checking whether the policies prevent intruders from reaching their malicious goals. Policies of the access control system and goals of ...


An Automatic Test Case Generator Derived from State-Based Testing

This paper describes an automated approach to generating test cases for an object-oriented class. The approach is derived from state-based testing methods and refers to a state machine from which a threaded multi-way tree (duplicating the behaviour of the state machine) is produced. All possible sequential test cases can then be automatically created, when the test case generator parses


Automatic XACML requests generation for testing access control policies

XACML has become increasingly popular for specifying access control policies in mission critical domains to protect sensitive resources. However, manually crafted XACML policies may contain errors which can only be identified with manual policies review. Recent progress in policy testing still requires tedious and inefficient manual efforts to compose access requests. In this paper, we propose ...


The Test for Adverse Selection in Life Insurance Market: The Case of Mellat Insurance Company

Adverse selection is one of the fundamental problems in the insurance industry. It was first discussed and studied by Rothschild and Stiglitz in 1960. Since then, many researchers have developed various models for analysing demand in the life insurance industry, which arises entirely from the uncertainty in this industry. The aim is to find the conditions under which selecting or excluding a policyholder is to the benefit or detriment of the insurance company ...



Journal title:
ISeCure, The ISC International Journal of Information Security

Volume 9, Issue 1, Pages 73-91
