Role-Based Access Control Models
Computer
Pythia: a regression test selection tool based on textual differencing
ENCRESS '97 IFIP TC5 WG5.4 3rd internatinal conference on on Reliability, quality and safety of software-intensive systems
On the limit of control flow analysis for regression test selection
Proceedings of the 1998 ACM SIGSOFT international symposium on Software testing and analysis
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Regression test selection for Java software
OOPSLA '01 Proceedings of the 16th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
The role control center: features and case studies
Proceedings of the eighth ACM symposium on Access control models and technologies
IEEE Security and Privacy
Applying regression test selection for COTS-based applications
Proceedings of the 28th international conference on Software engineering
Testing and Analysis of Access Control Policies
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Model-Based Tests for Access Control Policies
ICST '08 Proceedings of the 2008 International Conference on Software Testing, Verification, and Validation
Hi-index | 0.00 |
To provide a selective regression test method for the access control systems which employ role based access control (RBAC) policy. Access control regression test is always tedious and error-prone for financial systems involving complicated constraints, like separation of duty and cardinality constraints. We give the formal definition of RBAC policy change then we propose a test selection framework via policy change and change propagation analysis. Our method provides the confidence that it's only necessary to exercise the selected test cases to guarantee the access control of the system is not broken for the new release. We also describe SACRT, an access control regression test tool which realizes our framework. According to our practical application experience in the realistic financial systems, SACRT demonstrates the effectiveness in reducing the size of the access control regression test suite.