By Topic

Testing Obligation Policy Enforcement Using Mutation Analysis

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Yehia Elrakaiby ; Security, Reliability & Trust Interdiscipl. Res. Center, Univ. of Luxembourg, Luxembourg City, Luxembourg ; Tejeddine Mouelhi ; Yves Le Traon

The support of obligations with access control policies allows the expression of more sophisticated requirements such as usage control, availability and privacy. In order to enable the use of these policies, it is crucial to ensure their correct enforcement and management in the system. For this reason, this paper introduces a set of mutation operators for obligation policies. The paper first identifies key elements in obligation policy management, then presents mutation operators which injects minimal errors which affect these aspects. Test cases are qualified w.r.t. their ability in detecting problems, simulated by mutation, in the interactions between policy management and the application code. The use of policy mutants as substitutes for real flaws enables a first investigation of testing obligation policies in a system. We validate our work by providing an implementation of the mutation process: the experiments conducted on a Java program provide insights for improving test selection.

Published in:

2012 IEEE Fifth International Conference on Software Testing, Verification and Validation

Date of Conference:

17-21 April 2012