Title :
Coverage-Based Test Cases Selection for XACML Policies
Author :
Bertolino, Antonia ; Le Traon, Yves ; Lonetti, Francesca ; Marchetti, Eda ; Mouelhi, Tejeddine
Author_Institution :
Ist. di Sci. e Tecnol. dell\´Inf. "A. Faedo", Pisa, Italy
fDate :
March 31 2014-April 4 2014
Abstract :
XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and checking manually the correct response. It is therefore important to reduce the manual test effort by automatically selecting the most important requests to be tested. This paper introduces the XACML smart coverage selection approach, based on a proposed XACML policy coverage criterion. The approach is evaluated using mutation analysis and is compared on the one side with a not-reduced test suite, on the other with random and greedy optimal test selection approaches. We performed the evaluation on a set of six real world policies. The results show that our selection approach can reach good mutation scores, while significantly reducing the number of tests to be run.
Keywords :
XML; authorisation; greedy algorithms; program testing; XACML policy coverage criterion; XACML smart coverage selection approach; access control policies; coverage-based test cases selection; greedy optimal test selection approaches; manual test effort; mutation analysis; not-reduced test suite; random optimal test selection approaches; Access control; Complexity theory; Fault detection; Libraries; Standards; Testing; XACML based access control systems; coverage criterion; test selection;
Conference_Titel :
Software Testing, Verification and Validation Workshops (ICSTW), 2014 IEEE Seventh International Conference on
Conference_Location :
Cleveland, OH
DOI :
10.1109/ICSTW.2014.49
