一种基于模型的访问控制策略自动化测试方法

Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2012-06-20 DOI:10.1145/2295136.2295173

Dianxiang Xu, Lijo Thomas, Michael Kent, T. Mouelhi, Yves Le Traon

{"title":"一种基于模型的访问控制策略自动化测试方法","authors":"Dianxiang Xu, Lijo Thomas, Michael Kent, T. Mouelhi, Yves Le Traon","doi":"10.1145/2295136.2295173","DOIUrl":null,"url":null,"abstract":"Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"21 1","pages":"209-218"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"41","resultStr":"{\"title\":\"A model-based approach to automated testing of access control policies\",\"authors\":\"Dianxiang Xu, Lijo Thomas, Michael Kent, T. Mouelhi, Yves Le Traon\",\"doi\":\"10.1145/2295136.2295173\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.\",\"PeriodicalId\":74509,\"journal\":{\"name\":\"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies\",\"volume\":\"21 1\",\"pages\":\"209-218\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"41\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2295136.2295173\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2295136.2295173","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 41

摘要

由于各种原因，软件系统中的访问控制策略可能无法正确实现。本文提出了一种基于模型的访问控制实现自动化测试方法。为了提供基于模型的测试过程，测试模型是通过集成相关活动的声明性访问控制规则和契约(前提条件和后设条件)来构建的。从测试模型生成访问控制测试，以执行访问控制活动的交互。测试可执行性是通过建模元素到实现构造的映射获得的。该方法已经在业界采用的测试自动化框架中实现，该框架支持以各种语言生成测试代码，例如Java、C、c++、c#和HTML/Selenium IDE。完整的基于模型的测试过程已经应用于两个用Java实现的系统。利用访问控制实现的突变分析，从访问控制故障检出率的角度评估了该方法的有效性。实验表明，基于模型的测试杀死了99.7%的突变体，剩余的突变体没有造成政策违规。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A model-based approach to automated testing of access control policies

Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies

自引率

0.00%

发文量