Istituto di Scienza e Tecnologie dell'Informazione     
Daoudagh S., Lonetti F., Marchetti E. Assessment of access control systems using mutation testing. In: TELERISE 2015 - IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity (Florence, Italy, 18 May 2015). Proceedings, pp. 8 - 13. IEEE, 2015.
In modern pervasive applications, it is important to validate access control mechanisms that are usually defined by means of the standard XACML language. Mutation analysis has been applied on access control policies for measuring the adequacy of a test suite. In this paper, we present a testing framework aimed at applying mutation analysis at the level of the Java based policy evaluation engine. A set of Java based mutation operators is selected and applied to the code of the Policy Decision Point (PDP). A first experiment shows the effectiveness of the proposed framework in assessing the fault detection of XACML test suites and confirms the efficacy of the application of code-based mutation operators to the PDP.
URL: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=7182463
DOI: 10.1109/TELERISE.2015.10
Subject XACML Language
Mutation analysis
D.2.5 Testing and Debugging
D.2.6 Security and Protection. Access controls

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional