Title :
Testing of PolPA authorization systems
Author :
Bertolino, Antonia ; Daoudagh, Said ; Lonetti, Francesca ; Marchetti, Eda ; Martinelli, Fabio ; Mori, Paolo
Author_Institution :
Ist. di Scienza e Tecnol. dell´´Inf. A. Faedo, Consiglio Naz. delle Ric., Pisa, Italy
Abstract :
The implementation of an authorization system is a difficult and error-prone activity that requires a careful verification and testing process. In this paper, we focus on testing the implementation of the PolPA authorization system and in particular its Policy Decision Point (PDP), used to define whether an access should be allowed or not. Thus exploiting the PolPA policy specification, we present a fault model and a test strategy able to highlight the problems, vulnerabilities and faults that could occur during the PDP implementation, and a testing framework for the automatic generation of a test suite that covers the fault model. Preliminary results of the test framework application to a realistic case study are presented.
Keywords :
authorisation; program testing; program verification; software fault tolerance; PolPA authorization systems testing; PolPA policy specification; automatic test suite generation; error-prone activity; fault model; policy decision point; testing process; verification process; Authorization; Fault diagnosis; Generators; Gold; Testing; Authorization systems; PolPA language; request generation; testing;
Conference_Titel :
Automation of Software Test (AST), 2012 7th International Workshop on
Conference_Location :
Zurich
Print_ISBN :
978-1-4673-1821-1
DOI :
10.1109/IWAST.2012.6228997
