Mining likely properties of access control policies via association rule mining
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Future of developer testing: building quality in code
Proceedings of the FSE/SDP workshop on Future of software engineering research
Automated extraction of security policies from natural-language software documents
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
| Hi-index | 0.00 |
Access control policies are often specified in declarative languages. In this paper, we propose a novel approach, called mutation verification, to assess the quality of properties specified for a policy and, in doing so, the quality of the verification itself. In our approach, given a policy and a set of properties, we first mutate the policy to generate various mutant policies, each with a single seeded fault. We then verify whether the properties hold for each mutant policy. If the properties still hold for a given mutant policy, then the quality of these properties is determined to be insufficient in guarding against the seeded fault, indicating that more properties are needed to augment the existing set of properties to provide higher confidence of the policy correctness. We have implemented Mutaver, a mutation verification tool for XACML, and applied it to policies and properties from a real-world software system.