Selective Regression Test for Access Control System Employing RBAC

Authors:
Chao Huang;Jianling Sun;Xinyu Wang;Yuanjie Si
Affiliations:
West Lake Science & Technology Economic Park, College of computer, Zhejiang University, Hangzhou, China 310030;West Lake Science & Technology Economic Park, College of computer, Zhejiang University, Hangzhou, China 310030;West Lake Science & Technology Economic Park, College of computer, Zhejiang University, Hangzhou, China 310030;West Lake Science & Technology Economic Park, College of computer, Zhejiang University, Hangzhou, China 310030
Venue:
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Year:
2009

Citing 11
Cited 0

Role-Based Access Control Models

Computer
Pythia: a regression test selection tool based on textual differencing

ENCRESS '97 IFIP TC5 WG5.4 3rd internatinal conference on on Reliability, quality and safety of software-intensive systems
On the limit of control flow analysis for regression test selection

Proceedings of the 1998 ACM SIGSOFT international symposium on Software testing and analysis
The role-based access control system of a European bank: a case study and discussion

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Regression test selection for Java software

OOPSLA '01 Proceedings of the 16th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
The role control center: features and case studies

Proceedings of the eighth ACM symposium on Access control models and technologies
Why Security Testing Is Hard

IEEE Security and Privacy
Applying regression test selection for COTS-based applications

Proceedings of the 28th international conference on Software engineering
Testing and Analysis of Access Control Policies

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Model-Based Tests for Access Control Policies

ICST '08 Proceedings of the 2008 International Conference on Software Testing, Verification, and Validation

Quantified Score

Hi-index	0.00

Visualization

Abstract

To provide a selective regression test method for the access control systems which employ role based access control (RBAC) policy. Access control regression test is always tedious and error-prone for financial systems involving complicated constraints, like separation of duty and cardinality constraints. We give the formal definition of RBAC policy change then we propose a test selection framework via policy change and change propagation analysis. Our method provides the confidence that it's only necessary to exercise the selected test cases to guarantee the access control of the system is not broken for the new release. We also describe SACRT, an access control regression test tool which realizes our framework. According to our practical application experience in the realistic financial systems, SACRT demonstrates the effectiveness in reducing the size of the access control regression test suite.