Testing Delegation Policy Enforcement via Mutation Analysis

Nguyen, Phu H.; Papadakis, Mike; Rubab, Iram

doi:10.1109/icstw.2013.12

Cited by 5 publications

(6 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This section presents mutation-based approaches related to security. More precisely, applications on testing security policies [309][310][311][312][313], regression testing of security policies [314] and testing security protocols [315] are shortly described.…”

Section: Security Testingmentioning

confidence: 99%

Mutation Testing Advances: An Analysis and Survey

Papadakis

Kintis

Zhang

et al. 2019

Advances in Computers

Self Cite

324

329

View full text Add to dashboard Cite

Mutation testing realises the idea of using artificial defects to support testing activities. Mutation is typically used as a way to evaluate the adequacy of test suites, to guide the generation of test cases and to support experimentation.Mutation has reached a maturity phase and gradually gains popularity both in academia and in industry. This chapter presents a survey of recent advances, over the past decade, related to the fundamental problems of mutation testing and sets out the challenges and open problems for the future development of the method. It also collects advices on best practices related to the use of mutation in empirical studies of software testing. Thus, giving the reader a 'mini-handbook'-style roadmap for the application of mutation testing as experimental methodology.

show abstract

Section: Security Testingmentioning

confidence: 99%

Mutation Testing Advances: An Analysis and Survey

Papadakis

Kintis

Zhang

et al. 2019

Advances in Computers

Self Cite

324

329

View full text Add to dashboard Cite

show abstract

“…Besides, in order to complete the framework, we also propose an approach for testing delegation policy enforcement. In this direction, we continue working on the extension of testing delegation policy enforcement via mutation analysis [29].…”

Section: Discussionmentioning

confidence: 99%

“…We keep all the definitions here generic so that they can be mapped into different security models like Role-Based Access Control (Rbac), Organization-Based Access Control (Orbac) [16], Discretionary Access Control (Dac) [19], etc. These definitions also provide the basis for deriving mutation operators that can be used for testing delegation policy enforcement [29]. Then, a brief summary of previous work on dynamic security policy enforcement [24] is given.…”

Section: Introductionmentioning

confidence: 99%

Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management

Nguyen

Nain

Klein

et al. 2014

Transactions on Aspect-Oriented Software Development XI

Self Cite

View full text Add to dashboard Cite

Abstract. Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. Among the variety of models that have been studied in a Model-Driven Security perspective, one can mention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. Delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper gives a formalization of access control and delegation mechanisms, and analyses the main hard-points for introducing various advanced delegation semantics in Model-Driven Security. Then, we propose a modular model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into securitycritical systems; and 3) providing a flexibly dynamic adaptation strategy. We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different componentbased systems running on different adaptive execution platforms, i.e. OSGi and Kevoree.

show abstract

“…Model-based mutation testing has been applied to adaptive systems [2], model-based delegation security policies [7] and logic formula [5]. It has also been used with Simulink models to compare clone-detection algorithms [11].…”

Section: Related Researchmentioning

confidence: 99%

“…Mutation is used in areas like model-based testing, program testing [7], evaluation of clone-detection algorithms [11], generation of large model sets [8], education [9], or evolutionary algorithms [6]. While most of these systems are built ad-hoc, Wodel may automate their construction.…”

Section: Related Researchmentioning

confidence: 99%

Wodel

Gómez‐Abajo

Guerra

Lara

2016

Proceedings of the 31st Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Esta es la versión de autor de la comunicación de congreso publicada en: This is an author produced version of a paper published in: A model mutant is a variation of an original model, created by specific model mutation operations. Model mutation has many applications, for instance, in the areas of model transformation testing, model-based testing or education.In this paper, we present a domain-specific language, called Wodel, for the specification and generation of model mutants. Wodel is domain-independent, as it can be used to generate mutants of models conforming to arbitrary metamodels. Its development environment is extensible, permitting the incorporation of post-processors for different applications. As an example, we show an application consisting on the automated generation of exercises for particular domains (automata, class diagrams, electronic circuits, etc.).

show abstract

Testing Delegation Policy Enforcement via Mutation Analysis

Cited by 5 publications

References 24 publications

Mutation Testing Advances: An Analysis and Survey

Mutation Testing Advances: An Analysis and Survey

Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management

Wodel

Contact Info

Product

Resources

About