Using Labeled Transition System Model in Software Access Control Politics Testing

Access control model is widely used in access control politics testing, it usually consists of three hierarchy fields: roles, permissions and contexts. But the relations information between the three fields is not taken into consideration intact when building the access control models. Because of the information is leaking, engineers has to use random testing or pair wise testing when using access control model, they has to exchange test coverage for test efficiency. Some researchers extended the original access control model with rules, priority and status in order to complementary the missing information, but due to the structure disadvantage of original access control model, few works showed promising result. This paper presents a method using labeled transition system model in formalizing software access control politics though several examples, the method can formalize key information like rules, priority and status along with roles, permissions and contexts into model. This paper also briefly introduces how to use labeled transition system model in security test cases automatic generating.