Scalable and Effective Test Generation for Role-Based Access Control Systems

Authors:
Ammar Masood;Rafae Bhatti;Arif Ghafoor;Aditya P. Mathur
Affiliations:
Air University, Islamabad;Oracle, Redwood Shores;Purdue University, West Lafayette;Purdue University, West Lafayette
Venue:
IEEE Transactions on Software Engineering
Year:
2009

Citing 0
Cited 3

Fault coverage of Constrained Random Test Selection for access control: A formal analysis

Journal of Systems and Software
A practical guide for using statistical tests to assess randomized algorithms in software engineering

Proceedings of the 33rd International Conference on Software Engineering
A model-based approach to automated testing of access control policies

Proceedings of the 17th ACM symposium on Access Control Models and Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Conformance testing procedures for generating tests from the finite state model representation of Role-Based Access Control (RBAC) policies are proposed and evaluated. A test suite generated using one of these procedures has excellent fault detection ability but is astronomically large. Two approaches to reduce the size of the generated test suite were investigated. One is based on a set of six heuristics and the other directly generates a test suite from the finite state model using random selection of paths in the policy model. Empirical studies revealed that the second approach to test suite generation, combined with one or more heuristics, is most effective in the detection of both first-order mutation and malicious faults and generates a significantly smaller test suite than the one generated directly from the finite state models.