This Article 
 Bibliographic References 
 Add to: 
Scalable and Effective Test Generation for Role-Based Access Control Systems
September/October 2009 (vol. 35 no. 5)
pp. 654-668
Ammar Masood, Air University, Islamabad
Rafae Bhatti, Oracle, Redwood Shores
Arif Ghafoor, Purdue University, West Lafayette
Aditya Mathur, Purdue University, West Lafayette
Conformance testing procedures for generating tests from the finite state model representation of Role-Based Access Control (RBAC) policies are proposed and evaluated. A test suite generated using one of these procedures has excellent fault detection ability but is astronomically large. Two approaches to reduce the size of the generated test suite were investigated. One is based on a set of six heuristics and the other directly generates a test suite from the finite state model using random selection of paths in the policy model. Empirical studies revealed that the second approach to test suite generation, combined with one or more heuristics, is most effective in the detection of both first-order mutation and malicious faults and generates a significantly smaller test suite than the one generated directly from the finite state models.

[1] T. Ahmed and A.R. Tripathi, “Static Verification of Security Requirements in Role Based CSCW Systems,” Proc. Symp. Access Control Models and Technologies, pp. 196-203, 2003.
[2] G-J. Ahn and R. Sandhu, “Role-Based Authorization Constraints Specification,” ACM Trans. Information and System Security, vol. 3, no. 4, pp. 207-226, 2000.
[3] A.V. Aho, A.T. Dahbura, D. Lee, and M.U. Uyar, “An Optimization Technique for Protocol Conformance Test Generation Based on UIO Sequences and Rural Chinese Postman Tours,” IEEE Trans. Comm., vol. 39, no. 11, pp. 1604-1615, Nov. 1991.
[4] J.H. Andrews, L.C. Briand, and Y. Labiche, “Is Mutation an Appropriate Tool for Testing Experiments?” Proc. Int'l Conf. Software Eng., pp. 402-411, 2005.
[5] F. Belli and R. Crisan, “Towards Automation of Checklist-Based Code Reviews,” Proc. Int'l Symp. Software Reliability Eng., pp. 24-33, 1996.
[6] R. Bhatti, A. Ghafoor, E. Bertino, and J.B.D. Joshi, “X-GTRBAC: An XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control,” ACM Trans. Information and System Security, vol. 8, no. 2, pp. 187-227, 2005.
[7] R. Chandramouli and M. Blackburn, “Automated Testing of Security Functions Using a Combined Model & Interface Driven Approach,” Proc. 37th Hawaii Int'l Conf. System Sciences, pp. 299-308, 2004.
[8] T.S. Chow, “Testing Software Design Modelled by Finite State Machines,” IEEE Trans. Software Eng., vol. 4, no. 3, pp. 178-187, May 1978.
[9] D.M. Cohen, S.R. Dalal, J. Parelius, and G.C. Patton, “The Combinatorial Design Approach to Automatic Test Generation,” IEEE Software, vol. 13, no. 5, pp. 83-89, Sept. 1996.
[10] M. Daran and P. Thèvenod-Fosse, “Software Error Analysis: A Real Case Study Involving Real Faults and Mutations,” Proc. Int'l Symp. Software Testing and Analysis, pp. 158-171, 1996.
[11] R.A. DeMillo, R.J. Lipton, and F.G. Sayward, “Hints on Test Data Selection,” Computer, vol. 11, no. 4, pp. 34-41, Apr. 1978.
[12] M. Drouineaud, M. Bortin, P. Torrini, and K. Sohr, “A First Step Towards Formal Verification of Security Policy Properties for RBAC,” Proc. Int'l Conf. Quality Software, pp. 60-67, 2004.
[13] D. Ferraiolo and R. Kuhn, “Role-Based Access Control,” Proc. NIST-NSA Computer Security Conf., pp. 554-563, 1992.
[14] D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn, and R. Chandramouli, “Proposed NIST Standard for Role-Based Access Control,” ACM Trans. Information and System Security, vol. 4, no. 3, pp. 224-274, 2001.
[15] G. Friedman, A. Hartman, K. Nagin, and T. Shiran, “Projected State Machine Coverage for Software Testing,” Proc. Int'l Symp. Software Testing and Analysis, pp. 134-143, 2002.
[16] S. Fujiwara, G.V. Bochmann, F. Khendek, M. Amalou, and A. Ghedamsi, “Test Selection Based on Finite State Models,” IEEE Trans. Software Eng., vol. 17, no. 6, pp. 591-603, June 1991.
[17] F. Hansen and V. Oleshchuk, “Conformance Checking of RBAC Policy and Its Implementation,” Proc. Information Security Practice and Experience Conf., R.H. Deng, F. Bao, H-H. Pang, and J. Zhou, eds., 2005.
[18] ANSI RBAC Standard, 2004.pdf , 2008.
[19] Common Vulnerabilities and Exposures, http:/, 2009.
[20] C.N. Ip and D.L. Dill, “Better Verification through Symmetry,” Formal Methods System Design, vol. 9, nos. 1/2, pp. 41-75, 1996.
[21] J.B.D. Joshi, E. Bertino, U. Latif, and A. Ghafoor, “A Generalized Temporal Role-Based Access Control Model,” IEEE Trans. Knowledge and Data Eng., vol. 17, no. 1, pp. 4-23, Jan. 2005.
[22] J.B.D. Joshi, B. Shafiq, A. Ghafoor, and E. Bertino, “Dependencies and Separation of Duty Constraints in GTRBAC,” Proc. Symp. Access Control Models and Technologies, pp. 51-64, 2003.
[23] E.C. Lupu and M. Sloman, “Conflicts in Policy-Based Distributed Systems Management,” IEEE Trans. Software Eng., vol. 25, no. 6, pp. 852-869, Nov./Dec. 1999.
[24] Y-S. Ma, J. Offutt, and Y-R. Kwon, “MuJava: An Automated Class Mutation System,” Software Testing, Verification and Reliability, vol. 15, no. 2, pp. 97-133, 2005.
[25] A. Masood, R. Bhatti, A. Ghafoor, and A. Mathur, “Scalable and Effective Test Generation for Role Based Access Control Systems,” Technical Report TR 2006-24, Center for Education and Research in Information Assurance and Security (CERIAS), Purdue Univ., 2006.
[26] K.K. Sabnani and A.T. Dahbura, “A Protocol Test Generation Procedure,” Computer Networks and ISDN Systems, vol. 15, pp. 285-297, 1988.
[27] R. Sandhu and P. Samarati, “Access Control: Principles and Practice,” IEEE Comm., vol. 32, no. 9, pp. 40-48, Sept. 1994.
[28] R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, “Role-Based Access Control Models,” Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996.
[29] D.P. Sidhu and T.K. Leung, “Formal Methods for Protocol Testing: A Detailed Study,” IEEE Trans. Software Eng., vol. 15, no. 4, pp.413-426, Apr. 1989.
[30] H. Zhu, P.A.V. Hall, and J.H.R. May, “Software Unit Test Coverage and Adequacy,” ACM Computing Surveys, vol. 29, no. 4, pp. 366-427, Dec. 1997.

Index Terms:
Role-Based Access Control (RBAC), finite state models, fault model, first-order mutants, malicious faults.
Ammar Masood, Rafae Bhatti, Arif Ghafoor, Aditya Mathur, "Scalable and Effective Test Generation for Role-Based Access Control Systems," IEEE Transactions on Software Engineering, vol. 35, no. 5, pp. 654-668, Sept.-Oct. 2009, doi:10.1109/TSE.2009.35
Usage of this product signifies your acceptance of the Terms of Use.