Testing of PolPA-based usage control systems

Bertolino, Antonia; Daoudagh, Said; Lonetti, Francesca; Marchetti, Eda; Martinelli, Fabio; Mori, Paolo

doi:10.1007/s11219-013-9216-0

Cited by 16 publications

(13 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This section presents mutation-based approaches related to security. More precisely, applications on testing security policies [309][310][311][312][313], regression testing of security policies [314] and testing security protocols [315] are shortly described.…”

Section: Security Testingmentioning

confidence: 99%

Mutation Testing Advances: An Analysis and Survey

Papadakis

Kintis

Zhang

et al. 2019

Advances in Computers

348

343

View full text Add to dashboard Cite

Mutation testing realises the idea of using artificial defects to support testing activities. Mutation is typically used as a way to evaluate the adequacy of test suites, to guide the generation of test cases and to support experimentation.Mutation has reached a maturity phase and gradually gains popularity both in academia and in industry. This chapter presents a survey of recent advances, over the past decade, related to the fundamental problems of mutation testing and sets out the challenges and open problems for the future development of the method. It also collects advices on best practices related to the use of mutation in empirical studies of software testing. Thus, giving the reader a 'mini-handbook'-style roadmap for the application of mutation testing as experimental methodology.

show abstract

Section: Security Testingmentioning

confidence: 99%

Mutation Testing Advances: An Analysis and Survey

Papadakis

Kintis

Zhang

et al. 2019

Advances in Computers

348

343

View full text Add to dashboard Cite

show abstract

“…For paths having the same verdict, the evaluation order of the paths is based on their length, namely the shortest path takes the precedence. For the policy of Listing 1, the order of the evaluated paths is (1), (4), (2) and (3).…”

Section: Test Oraclementioning

confidence: 99%

“…Test cases and oracle derivation. Considering the automated test cases generation, solutions have been proposed for testing either the XACML policy or the PDP implementation [2,3]. Among them, the most referred ones such as X-CREATE and the Targen tools [3,12] use combinatorial approaches for test cases generation.…”

Section: Related Workmentioning

confidence: 99%

An automated model-based test oracle for access control systems

Bertolino

Daoudagh

Lonetti

et al. 2018

Proceedings of the 13th International Workshop on Automation of Software Test

Self Cite

View full text Add to dashboard Cite

In the context of XACML-based access control systems, an intensive testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. Unfortunately, it requires a huge effort for manual inspection of results: thus automated verdict derivation is a key aspect for improving the cost-effectiveness of testing. To this purpose, we introduce XACMET, a novel approach for automated model-based oracle definition. XACMET defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation. The expected verdict of a specific request execution can thus be automatically derived by executing the corresponding path in such graph. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.

show abstract

“…Models like attack trees [Morais et al 2011], UML state machines [Hussein and Zulkernine 2006], and transition nets [Xu et al 2012], are used to generate sequences of illegal actions, which are not relevant for testing data processing systems where the complexity of the testing process lies in the definition of the input data and mappings to complex, structured outputs. Mutation-based approaches instead alter valid field data or existing test inputs to generate invalid test inputs [Shan and Zhu 2009;Bertolino et al 2014;De Jonge and Visser 2012]. The main limitation of these approaches is that they cannot generate test inputs from scratch to test new data requirements.…”

Section: Related Workmentioning

confidence: 99%

Augmenting Field Data for Testing Systems Subject to Incremental Requirements Changes

Nardo

Pastore

Briand

2017

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

When testing data processing systems, software engineers often use real world data to perform system level testing. However, in the presence of new data requirements software engineers may no longer benefit from having real world data with which to perform testing. Typically, new test inputs complying with the new requirements have to be manually written.We propose an automated model-based approach that combines data modelling and constraint solving to modify existing field data to generate test inputs for testing new data requirements. The approach scales in the presence of complex and structured data, thanks to both the reuse of existing field data and the adoption of an innovative input generation algorithm based on slicing the model into parts.We validated the scalability and effectiveness of the proposed approach using an industrial case study. The empirical study shows that the approach scales in the presence of large amounts of structured and complex data. The approach can produce, within a reasonable time, test input data that is over ten times larger in size than the data generated with constraint solving only. We also demonstrate that the generated test inputs achieve more code coverage than the test cases implemented by experienced software engineers.

show abstract

Testing of PolPA-based usage control systems

Cited by 16 publications

References 20 publications

Mutation Testing Advances: An Analysis and Survey

Mutation Testing Advances: An Analysis and Survey

An automated model-based test oracle for access control systems

Augmenting Field Data for Testing Systems Subject to Incremental Requirements Changes

Contact Info

Product

Resources

About