To increase confidence in the correctness of specified policies, policy developers can conduct policy testing by supplying typical test inputs (requests) and subsequently checking test outputs (responses) against expected ones. Unfortunately, manual testing is tedious, and few tools exist for automated testing of access control policies. We present a fault model for access control policies and a framework to explore it. The framework includes mutation operators used to implement the fault model, mutant generation, equivalent-mutant detection, and mutant-killing determination. This framework allows us to investigate our fault model, evaluate coverage criteria for test generation and selection, and determine a relationship between structural coverage and fault-detection effectiveness. We have implemented the framework and applied it to various policies written in XACML. Our experimental results offer valuable insights into choosing mutation operators in mutation testing and choosing coverage criteria in test generation and selection.