2008 International Conference on Software Testing, Verification, and Validation
Test-Driven Assessment of Access Control in Legacy Applications
April 09-April 11
ISBN: 978-0-7695-3127-4
BibTeX:
@article{ 10.1109/ICST.2008.60,
  author = {Yves Le Traon and Tejeddine Mouelhi and Alexander Pretschner and Benoit Baudry},
  title = {Test-Driven Assessment of Access Control in Legacy Applications},
  journal = {Software Testing, Verification, and Validation, 2008 International Conference on},
  volume = {0},
  year = {2008},
  isbn = {978-0-7695-3127-4},
  pages = {238-247},
  doi = {http://doi.ieeecomputersociety.org/10.1109/ICST.2008.60},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICST.2008.60
If access control policy decision points are not neatly separated from the business logic of a system, the evolution of a security policy likely leads to the necessity of changing the system’s code base. This is often the case with legacy systems. We present a test-driven methodology to assess the flexibility of a system, a property that describes the degree of coupling between the access control logic and the business logic of a system. A low flexibility indicates that a modification of the policy will lead to substantial changes of the code. In this paper, we analyze the notion of flexibility which is related to the presence of hidden and implicit security mechanisms in the business logic. We detail how testing can be used for detecting such mechanisms and how it may drive the incremental evolution of a security policy. We use several case studies to illustrate and validate the methodology.
Citation:
Yves Le Traon, Tejeddine Mouelhi, Alexander Pretschner, Benoit Baudry, "Test-Driven Assessment of Access Control in Legacy Applications," icst, pp.238-247, 2008 International Conference on Software Testing, Verification, and Validation, 2008
