Referenced Items are not available for this document.
Access control policies are increasingly written in specification languages such as XACML. To increase confidence in the correctness of specified policies, policy developers can conduct policy testing with some typical test inputs (in the form of requests) and check test outputs (in the form of responses) against expected ones. Unfortunately, manual test generation is tedious and manually generated tests are often not sufficient to exercise various policy behaviors. In this paper we present a novel framework and its supporting tool called Cirg that generates tests based on change- impact analysis. Our experimental results show that Cirg can effectively generate tests to achieve high structural coverage of policies and outperforms random test generation in terms of structural coverage and fault-detection capability.
Published in:
Software Engineering for Secure Systems, 2007. SESS '07: ICSE Workshops 2007. Third International Workshop on
Date of Conference: 20-26 May 2007
- Page(s):
- 5
- Print ISBN:
- 0-7695-2952-6
- INSPEC Accession Number:
- 9835094
- Conference Location :
- Minneapolis, MN
- Digital Object Identifier :
- 10.1109/SESS.2007.5
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
