A Model -Based Approach to Automated Testing of Access Control Policies
来源:互联网 发布:cn域名抢注著名案例 编辑:程序博客网 时间:2024/06/13 15:43
Dianxiang Xu, Lijo Thomas, Michael Kent, Tejeddine Mouelhi, Yves Le Traon. SACMAT’12
本文工作:
本文作者提出了基于模型的方法测试Access Control Policies。采用的模型是PrT网。PrT网是Petri网的简化,它由places,transitions和arcs构成。
每一个place中包含一个token的集合,所有place中token的集合为一个marking。每一个arc上被标记了参数表。当起始place中包含了边上参数的
具体值,则对应的transition被激活(enabled),一个被激活的transition被fired,firing一个transition,同时伴随着两种操作:
1、将输入place中的tokens都删掉;
2、向输出place中加入tokens;
本文对RBAC进行建模和测试。一条Access Rule的形式是<r, o, a, c, t>,r表示角色,o表示对象或者资源,a表示动作,c表示上下文环境,t表示允许
(permission)或者拒绝(prohibition)。
PrT网通过transition,前置条件和后置条件来刻画一条规则对应的活动。前置条件和后置条件由place来描述,当place中包含具体的token时,表示条
件满足。例如学生角色的某条规则,表示学生在工作日的借书活动是被允许的,可以用如下
PrT网来描述:
起初available中放置Book1,day中放置WD,borrowed中没有token。根据transition被激活的条件,此时transition BorrowBook被激活,同时available
中的Book1被拿走,放到borrowed中。
为待测试police建立好模型后,就要从模型生成测试用例。从模型直接得到的测试用例是抽象的,即不能直接作为系统的输入带入到系统中执行。作者建立了
模型元素到代码块的映射,从而实现了从抽象测试输入到可执行测试输入的转换。
本文贡献:
1、设计了自动化构建RBAC PrT模型的方法;
2、实现了由PrT模型自动生成可执行测试用例的方法;
- A Model -Based Approach to Automated Testing of Access Control Policies
- A Fault Model and Mutation Testing of Access Control Policies
- Model-Based Tests for Access Control Policies
- Automated Test Generation for Access Control Policies via Change-Impact Analysis
- Verification and Change-Impact Analysis of Access Control Policies
- How to make a automated testing for web applications
- model based testing
- Describing People: A Poselet-Based Approach to Attribute Classification
- Model-Based Long Haul Testing
- How to show/hide a control in the Column's DataItemTemplate based on the value of another control
- How to Succeed at Automated Testing
- KDD 2014 “A Dirichlet Multinomial Mixture Model-based Approach for Short Text Clustering” 的主要思想
- A Probabilistic Graphical Model-based Approach for Minimizing Energy Under Performance Constraints
- A Role-Based Access Control (RBAC) system for PHP
- An algorithm for routing control of a tandem automated guided vehicle system
- SURVIVING THE TOP TEN CHALLENGES OF SOFTWARE TESTING: A PEOPLE-ORIENTED APPROACH
- Integrated.Approach.to.Web.Performance.Testing.A.Practitioners.Guide.Jan.2006
- Practical software testing: a process-oriented approach
- M/KB/byte之间的转换
- Automated Test Generation for Access Control Policies via Change-Impact Analysis
- numeric 类型 的计算
- 使用ViewPager和GridView配合,实现GridView横向水平滑动的效果。
- 改变文件权限和属性
- A Model -Based Approach to Automated Testing of Access Control Policies
- linux指令大全(完整篇)
- FlashBuilder方便的调试UI插件Monster Debugger
- qsort()使用总结
- 互斥锁pthread_mutex_t的使用(转载)
- Android多媒体
- vc中关于 directx的配置,和dxsdk_extras(directshow)
- A. Array
- A Fault Model and Mutation Testing of Access Control Policies