Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementations. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and postconditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of the access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.