The Community for Technology Leaders
Green Image
Issue No. 05 - September/October (2009 vol. 35)
ISSN: 0098-5589
pp: 654-668
Rafae Bhatti , Oracle, Redwood Shores
Arif Ghafoor , Purdue University, West Lafayette
Aditya Mathur , Purdue University, West Lafayette
Ammar Masood , Air University, Islamabad
ABSTRACT
Conformance testing procedures for generating tests from the finite state model representation of Role-Based Access Control (RBAC) policies are proposed and evaluated. A test suite generated using one of these procedures has excellent fault detection ability but is astronomically large. Two approaches to reduce the size of the generated test suite were investigated. One is based on a set of six heuristics and the other directly generates a test suite from the finite state model using random selection of paths in the policy model. Empirical studies revealed that the second approach to test suite generation, combined with one or more heuristics, is most effective in the detection of both first-order mutation and malicious faults and generates a significantly smaller test suite than the one generated directly from the finite state models.
INDEX TERMS
Role-Based Access Control (RBAC), finite state models, fault model, first-order mutants, malicious faults.
CITATION
Rafae Bhatti, Arif Ghafoor, Aditya Mathur, Ammar Masood, "Scalable and Effective Test Generation for Role-Based Access Control Systems", IEEE Transactions on Software Engineering, vol. 35, no. , pp. 654-668, September/October 2009, doi:10.1109/TSE.2009.35
85 ms
(Ver )