Automated test generation for access control policies via change-impact analysis

Evan Martin, Xie Tao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Access control policies are increasingly written in specification languages such as XACML. To increase confidence in the correctness of specified policies, policy developers can conduct policy testing with some typical test inputs (in the form of requests) and check test outputs (in the form of responses) against expected ones. Unfortunately, manual test generation is tedious and manually generated tests are often not sufficient to exercise various policy behaviors. In this paper we present a novel framework and its supporting tool called Cirg that generates tests based on change-impact analysis. Our experimental results show that Cirg can effectively generate tests to achieve high structural coverage of policies and outperforms random test generation in terms of structural coverage and fault-detection capability.
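To make the idea concrete, here is an added illustration of change-impact-based test generation; it is not Cirg and not code from the paper. It assumes a deliberately small policy model: a policy is an ordered list of rules combined first-applicable, a rule's target is a set of allowed subjects, resources and actions, the "change" that drives the analysis is a single rule with its effect flipped, and the change-impact analysis is brute force over a finite request space rather than the model-checking tool Cirg uses. The attribute domains and the policy are constructed for the example; rule r4 is deliberately shadowed by r2.

```python
"""Change-impact-based test generation for a toy XACML-like policy.

Added illustration of the idea in the abstract, not Cirg or any code from
the paper. Assumptions: first-applicable rule combining; targets are sets of
allowed subjects/resources/actions; a policy "change" is one rule with its
effect inverted; change-impact analysis is exhaustive over a small request
space instead of the model-checking tool Cirg relies on.
"""
from dataclasses import dataclass
from itertools import product
import random

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Constructed attribute domains; the request space is their cross product.
SUBJECTS = ("doctor", "nurse", "patient")
RESOURCES = ("record", "prescription")
ACTIONS = ("read", "write")


@dataclass(frozen=True)
class Rule:
    name: str
    subjects: frozenset
    resources: frozenset
    actions: frozenset
    effect: str

    def matches(self, req):
        subject, resource, action = req
        return (subject in self.subjects and resource in self.resources
                and action in self.actions)


def evaluate(policy, req):
    """First-applicable combining: the first rule whose target matches decides."""
    for rule in policy:
        if rule.matches(req):
            return rule.effect
    return NOT_APPLICABLE


def request_space():
    return list(product(SUBJECTS, RESOURCES, ACTIONS))


def rule_coverage(policy, tests):
    """Structural coverage: fraction of rules that decide at least one test."""
    decided = set()
    for req in tests:
        for rule in policy:
            if rule.matches(req):
                decided.add(rule.name)
                break
    return len(decided) / len(policy)


def flip_effect(policy, i):
    """Synthesise a changed policy version: rule i with its effect inverted."""
    r = policy[i]
    flipped = Rule(r.name, r.subjects, r.resources, r.actions,
                   DENY if r.effect == PERMIT else PERMIT)
    return policy[:i] + [flipped] + policy[i + 1:]


def change_impact_tests(policy):
    """For each changed version, keep one request whose decision differs.

    Returns (tests, dead_rules). A rule for which no request distinguishes the
    original from the changed policy never decides anything: it is shadowed by
    earlier rules, and no test can exercise it.
    """
    tests, dead_rules = [], []
    for i, rule in enumerate(policy):
        changed = flip_effect(policy, i)
        witness = next((req for req in request_space()
                        if evaluate(policy, req) != evaluate(changed, req)), None)
        if witness is None:
            dead_rules.append(rule.name)
        else:
            tests.append(witness)
    return tests, dead_rules


def random_tests(n, seed=0):
    """Baseline: n requests drawn uniformly from the request space."""
    rng = random.Random(seed)
    space = request_space()
    return [rng.choice(space) for _ in range(n)]


# Constructed policy: r4 is fully shadowed by r2 and can never decide.
ALL_RES, ALL_ACT = frozenset(RESOURCES), frozenset(ACTIONS)
POLICY = [
    Rule("r1", frozenset({"doctor"}), ALL_RES, ALL_ACT, PERMIT),
    Rule("r2", frozenset({"nurse"}), frozenset({"record"}), frozenset({"read"}), PERMIT),
    Rule("r3", frozenset({"nurse"}), frozenset({"record"}), frozenset({"write"}), DENY),
    Rule("r4", frozenset({"nurse"}), frozenset({"record"}), frozenset({"read"}), DENY),
    Rule("r5", frozenset(SUBJECTS), ALL_RES, ALL_ACT, DENY),
]


if __name__ == "__main__":
    tests, dead = change_impact_tests(POLICY)
    print("change-impact tests:", tests)
    print("rules no change can affect (shadowed):", dead)
    print("rule coverage, change-impact:", rule_coverage(POLICY, tests))
    print("rule coverage, random (same size):",
          rule_coverage(POLICY, random_tests(len(tests))))
```

Each generated request is a witness that a particular rule actually decides something, which is why the set reaches every reachable rule with one request per rule, while the same number of random requests usually leaves the rarely matched rules (r2, r3) untouched. The empty witness for r4 is the other practical payoff: a rule that no single change can make observable is shadowed, and in a real policy that is either dead weight or a misordering bug.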

Original language: English (US)
Title of host publication: Proceedings - ICSE 2007 Workshops
Subtitle of host publication: Third International Workshop on Software Engineering for Secure Systems, SESS'07
DOIs
State: Published - 2007
Externally published: Yes
Event: ICSE 2007 Workshops: Third International Workshop on Software Engineering for Secure Systems, SESS'07 - Minneapolis, MN, United States
Duration: May 20 2007 to May 26 2007

Publication series

Name: Proceedings - ICSE 2007 Workshops: Third International Workshop on Software Engineering for Secure Systems, SESS'07

Other

Other: ICSE 2007 Workshops: Third International Workshop on Software Engineering for Secure Systems, SESS'07
Country/Territory: United States
City: Minneapolis, MN
Period: 5/20/07 to 5/26/07

ASJC Scopus subject areas

  • Software
  • Automotive Engineering
  • Mechanical Engineering