A methodology for controlling the size of a test suite
ACM Transactions on Software Engineering and Methodology (TOSEM)
Automated regression test generation
Proceedings of the 1998 ACM SIGSOFT international symposium on Software testing and analysis
Using model checking to generate tests from requirements specifications
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Using Model Checking to Generate Tests from Specifications
ICFEM '98 Proceedings of the Second IEEE International Conference on Formal Engineering Methods
Generating Tests from Counterexamples
Proceedings of the 26th International Conference on Software Engineering
Generating Regression Tests via Model Checking
COMPSAC '04 Proceedings of the 28th Annual International Computer Software and Applications Conference - Volume 01
Synthesising verified access control systems in XACML
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
Defining and measuring policy coverage in testing access control policies
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Evaluating access control policies through model checking
ISC'05 Proceedings of the 8th international conference on Information Security
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Multiple-implementation testing for XACML implementations
TAV-WEB '08 Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications
Fault coverage of Constrained Random Test Selection for access control: A formal analysis
Journal of Systems and Software
An approach to modular and testable security models of real-world health-care applications
Proceedings of the 16th ACM symposium on Access control models and technologies
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Access control policies are increasingly written in speci- fication languages such as XACML. To increase confidence in the correctness of specified policies, policy developers can conduct policy testing with some typical test inputs (in the form of requests) and check test outputs (in the form of responses) against expected ones. Unfortunately, manual test generation is tedious and manually generated tests are often not sufficient to exercise various policy behaviors. In this paper we present a novel framework and its support- ing tool called Cirg that generates tests based on change- impact analysis. Our experimental results show that Cirg can effectively generate tests to achieve high structural cov- erage of policies and outperforms random test generation in terms of structural coverage and fault-detection capability.