A Fault Model and Mutation Testing of Access Control Policies
Evan Martin and Tao Xie, WWW 2007
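This paper's work:
This paper explores mutation analysis techniques for access policies. Mutation analysis is already fairly mature in program testing and analysis, but so far little research has focused on mutation analysis of access policies. The paper's central questions are what fault model should be established for access policies, and whether that fault model can effectively evaluate test cases (in access policy testing, a test case is a request). The authors propose three policy coverage criteria and two test generation methods, and try to explore the relationship between the policy coverage of the generated test cases and their ability to detect faults.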
Mutation operators
The table above lists the 11 mutation operators defined by the authors. These mutation operators are all designed for XACML and include, for example, modifying a decision.
Coverage criteria
Policy coverage: a policy is covered if it is applicable to some request.
Rule coverage: a rule is covered if it is applicable to some request.
Condition coverage: the evaluation of the condition for a rule has two outcomes, true and false, which are called the true condition and the false condition, respectively. A true (false) condition for a rule is covered by a request if the rule is covered by the request and the condition is evaluated to be true (false).
Test generation
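Random Test Generation: requests are generated randomly from attribute values. Specifically, a request is a vector in which each dimension is 0 or 1: 1 if the attribute is selected, 0 otherwise.
Test Generation via Change-Impact Analysis: this uses the change-impact analysis capability of the Margrave tool. First, another version of the target policy (rule) is generated; Margrave can then produce a counterexample request, which gives a request that covers the target policy (rule).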
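The following sketch is an added example, not code from the paper or from this post: it measures rule and condition coverage for requests encoded as 0/1 vectors and checks which decision-flip mutants those requests kill. The policy, the attribute names and the first-applicable evaluation are constructed simplifications rather than XACML, and a rule counts as covered when it is reached and its target matches.

```python
import random

ATTRS = ["faculty", "student", "grades", "read", "write"]  # constructed attributes
# Constructed policy, first-applicable: (target attrs, condition attr or None, effect)
POLICY = [({"faculty", "grades"}, None, "Permit"),
          ({"student", "grades"}, "read", "Permit"),
          ({"student", "grades"}, "write", "Deny")]

def evaluate(policy, req):
    """Return (decision, trace); trace holds (rule index, condition outcome)
    for every rule that was reached and whose target matched the request."""
    on = {a for a, bit in zip(ATTRS, req) if bit}
    trace = []
    for i, (target, cond, effect) in enumerate(policy):
        if target <= on:
            outcome = cond is None or cond in on
            trace.append((i, outcome))
            if outcome:
                return effect, trace
    return "NotApplicable", trace

def coverage(policy, requests):
    """Return (rule coverage, condition coverage) as fractions in [0, 1]."""
    rules, conds = set(), set()
    for req in requests:
        for i, outcome in evaluate(policy, req)[1]:
            rules.add(i)
            if policy[i][1] is not None:
                conds.add((i, outcome))  # true and false outcomes count separately
    n_conds = 2 * sum(1 for _, cond, _ in policy if cond is not None)
    return len(rules) / len(policy), len(conds) / n_conds

def effect_mutants(policy):
    """One mutant per rule, each with that rule's decision flipped."""
    flip = {"Permit": "Deny", "Deny": "Permit"}
    return [policy[:i] + [(t, c, flip[e])] + policy[i + 1:]
            for i, (t, c, e) in enumerate(policy)]

def mutation_score(policy, requests):
    """Fraction of mutants whose decision differs from the original on some request."""
    mutants = effect_mutants(policy)
    killed = sum(any(evaluate(policy, r)[0] != evaluate(m, r)[0] for r in requests)
                 for m in mutants)
    return killed / len(mutants)

def random_requests(n, seed=0):
    """n random 0/1 vectors, one bit per attribute."""
    rng = random.Random(seed)
    return [tuple(rng.randint(0, 1) for _ in ATTRS) for _ in range(n)]
```

Calling `coverage(POLICY, random_requests(n))` and `mutation_score(POLICY, random_requests(n))` for growing `n` shows how the two measures move together on this toy policy.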
This paper's contributions:
1. Proposes a fault model for access control policies;
2. Develops a tool that automatically generates policies containing mutations;