DocumentCode
1992880
Title
Testing access control and obligation policies
Author
Dianxiang Xu ; Sanford, M. ; Zhaoliang Liu ; Emry, M. ; Brockmueller, B. ; Johnson, Stanley ; To, M.
Author_Institution
Dakota State Univ., Madison, SD, USA
fYear
2013
fDate
28-31 Jan. 2013
Firstpage
540
Lastpage
544
Abstract
As access control with obligatory constraints is critical to assuring system accountability, research on the specification and monitoring of obligation policy has gained increasing attention. However, a correctly specified obligation policy may be implemented incorrectly for various reasons, such as programming errors. This paper presents a model-based approach to testing access control and obligation policies. We build test models of access control and obligation policies based on system functions and derive tests from the models for exercising the system implementation. As a black box technique, our approach is independent of how access control and obligation requirements are implemented in the system under test. We demonstrate our approach through the testing of a real-world online banking system, which is being used by many financial organizations. The mutation analysis indicated that our testing approach is very effective.
Keywords
authorisation; bank data processing; program testing; access control; black box technique; financial organizations; model-based approach; mutation analysis; obligation policies; programming errors; real-world online banking system; system accountability; system functions; system under test; Access control; Computational modeling; Firing; Online banking; Programming; Testing; Security; access control; model-based testing; obligation policy; software testing;
fLanguage
English
Publisher
ieee
Conference_Titel
Computing, Networking and Communications (ICNC), 2013 International Conference on
Conference_Location
San Diego, CA
Print_ISBN
978-1-4673-5287-1
Electronic_ISBN
978-1-4673-5286-4
Type
conf
DOI
10.1109/ICCNC.2013.6504143
Filename
6504143