Istituto di Scienza e Tecnologie dell'Informazione     
Bertolino A., Le Traon Y., Lonetti F., Marchetti E., Mouelhi T. Coverage-based test cases selection for XACML policies. In: SECTEST-ICSTW 2014 - IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops (Cleveland, Ohio, USA, 31 Marzo 2014). Proceedings, pp. 12 - 21. IEEE, 2014.
XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and checking manually the correct response. It is therefore important to reduce the manual test effort by automatically selecting the most important requests to be tested. This paper introduces the XACML smart coverage selection approach, based on a proposed XACML policy coverage criterion. The approach is evaluated using mutation analysis and is compared on the one side with a not-reduced test suite, on the other with random and greedy optimal test selection approaches. We performed the evaluation on a set of six real world policies. The results show that our selection approach can reach good mutation scores, while significantly reducing the number of tests to be run.
URL: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6825632
DOI: 10.1109/ICSTW.2014.49
Subject Access control
XACML policies
Test generation,
Mutation testing
D.4.6 Security and Protection. Access controls,
D.2.5 SOFTWARE ENGINEERING. Testing and Debugging,

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional