| Abstract: To increase confidence in the correctness of specified policies, policy developers can conduct policy testing by supplying typical test inputs (requests) and subsequently checking test outputs (responses) against expected ones. Unfortunately, manual testing is tedious and few tools exist for automated testing of access control policies. We present a fault model for access control policies and a framework to explore it. The framework includes mutation operators used to implement the fault model, mutant generation, equivalent-mutant detection, and mutant-killing determination. This framework allows us to investigate our fault model, evaluate coverage criteria for test generation and selection, and determine a relationship between structural coverage and fault-detection effectiveness. We have implemented the framework and applied it to various policies written in XACML. Our experimental results offer valuable insights into choosing mutation operators in mutation testing and choosing coverage criteria in test generation and selection. |
| @INPROCEEDINGS{MartinX07,
author = {Evan E. Martin and Tao Xie},
title = {A Fault Model and Mutation Testing of Access Control Policies},
booktitle = {Proceedings of the 16th International Conference on World Wide Web},
year = {2007},
address = {Banff, Alberta, Canada},
month = {8-12 May},
pages = {667-676}
} |