Title :
Testing access control and obligation policies
Author :
Dianxiang Xu ; Sanford, M. ; Zhaoliang Liu ; Emry, M. ; Brockmueller, B. ; Johnson, Stanley ; To, M.
Author_Institution :
Dakota State Univ., Madison, SD, USA
Abstract :
As access control with obligatory constraints is critical to assuring system accountability, research on the specification and monitoring of obligation policy has gained increasing attention. However, a correctly specified obligation policy may be implemented incorrectly for various reasons, such as programming errors. This paper presents a model-based approach to testing access control and obligation policies. We build test models of access control and obligation policies based on system functions and derive tests from the models for exercising the system implementation. As a black box technique, our approach is independent of how access control and obligation requirements are implemented in the system under test. We demonstrate our approach through the testing of a real-world online banking system, which is being used by many financial organizations. The mutation analysis indicated that our testing approach is very effective.
Keywords :
authorisation; bank data processing; program testing; access control; black box technique; financial organizations; model-based approach; mutation analysis; obligation policies; programming errors; real-world online banking system; system accountability; system functions; system under test; Access control; Computational modeling; Firing; Online banking; Programming; Testing; Security; access control; model-based testing; obligation policy; software testing;
Conference_Title :
Computing, Networking and Communications (ICNC), 2013 International Conference on
Conference_Location :
San Diego, CA
Print_ISBN :
978-1-4673-5287-1
Electronic_ISBN :
978-1-4673-5286-4
DOI :
10.1109/ICCNC.2013.6504143