1 | JeeHyun Hwang and Tao Xie and Donia El Kateb and Tejeddine Mouelhi and Yves Le Traon Selection of regression system tests for security policy evolution {IEEE/ACM} International Conference on Automated Software Engineering, ASE'12, Essen, Germany, September 3-7, 2012, 2012. |
|
| Abstract: Available soon... |
| @INPROCEEDINGS{hwang_ASE_12,
author = {JeeHyun Hwang and Tao Xie and Donia El Kateb and Tejeddine Mouelhi and Yves Le Traon},
title = {Selection of regression system tests for security policy evolution},
booktitle = {{IEEE/ACM} International Conference on Automated Software Engineering, ASE'12, Essen, Germany, September 3-7, 2012},
year = {2012},
address = {},
month = {},
pages = {266--269}
} |
2 | Yehia Elrakaiby and Tejeddine Mouelhi and Yves Le Traon Testing Obligation Policy Enforcement Using Mutation Analysis Fifth {IEEE} International Conference on Software Testing, Verification and Validation, {ICST} 2012, Montreal, QC, Canada, April 17-21, 2012, 2012. |
|
| Abstract: Available soon... |
| @INPROCEEDINGS{elrakaiby_icstw_12,
author = {Yehia Elrakaiby and Tejeddine Mouelhi and Yves Le Traon},
title = {Testing Obligation Policy Enforcement Using Mutation Analysis},
booktitle = {Fifth {IEEE} International Conference on Software Testing, Verification and Validation, {ICST} 2012, Montreal, QC, Canada, April 17-21, 2012},
year = {2012},
address = {},
month = {},
pages = {673--680}
} |
3 | Alexandre Bartel and Benoit Baudry and Freddy Munoz and Jacques Klein and Tejeddine Mouelhi and Yves Le Traon Model Driven Mutation Applied to Adaptative Systems Testing Fourth {IEEE} International Conference on Software Testing, Verification and Validation, {ICST} 2011 Workshops Proceedings, March 21 - March 25, 2011, Berlin, Germany, 2011. |
|
| Abstract: Available soon... |
| @INPROCEEDINGS{bartel_ICSTW_11,
author = {Alexandre Bartel and Benoit Baudry and Freddy Munoz and Jacques Klein and Tejeddine Mouelhi and Yves Le Traon},
title = {Model Driven Mutation Applied to Adaptative Systems Testing},
booktitle = {Fourth {IEEE} International Conference on Software Testing, Verification and Validation, {ICST} 2011 Workshops Proceedings, March 21 - March 25, 2011, Berlin, Germany},
year = {2011},
address = {},
month = {},
pages = {408--413}
} |
4 | Tejeddine Mouelhi and Yves Le Traon and Benoit Baudry Transforming and Selecting Functional Test Cases for Security Policy Testing Second International Conference on Software Testing Verification and Validation, {ICST} 2009, Denver, Colorado, USA, April 1-4, 2009, 2009. |
|
| Abstract: Available soon... |
| @INPROCEEDINGS{mouelhi_icst_09,
author = {Tejeddine Mouelhi and Yves Le Traon and Benoit Baudry},
title = {Transforming and Selecting Functional Test Cases for Security Policy Testing},
booktitle = {Second International Conference on Software Testing Verification and Validation, {ICST} 2009, Denver, Colorado, USA, April 1-4, 2009},
year = {2009},
address = {},
month = {},
pages = {171--180}
} |
5 | Tejeddine Mouelhi and Benoit Baudry and Yves Le Traon Transforming and Selecting Functional Test Cases for Security Policy Testing Proceedings of the 2nd International Conference on Software Testing, Verification and Validation, Denver, Colorado, 1-4 April 2009. |
|
| Abstract: We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model—and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points. |
| @INPROCEEDINGS{MouelhFBL09,
author = {Tejeddine Mouelhi and Benoit Baudry and Yves Le Traon},
title = {Transforming and Selecting Functional Test Cases for Security Policy Testing},
booktitle = {Proceedings of the 2nd International Conference on Software Testing, Verification and Validation},
year = {2009},
address = {Denver, Colorado},
month = {1-4 April},
pages = {171–180}
} |
6 | Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry A Generic Metamodel For Security Policies Mutation Proceedings of the IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW'08), Lillehammer, Norway, 9-11 April 2008. |
|
| Abstract: We present a new approach for mutation analysis of security policies test cases. We propose a metamodel that provides a generic representation of security policies access control models and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiations of this metamodel: we defined policies with RBAC and OrBAC and mutated these policies. |
| @INPROCEEDINGS{MouelhiFB08,
author = {Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry},
title = {A Generic Metamodel For Security Policies Mutation},
booktitle = {Proceedings of the IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW'08)},
year = {2008},
address = {Lillehammer, Norway},
month = {9-11 April},
pages = {278-286}
} |
7 | Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry and Yves Le Traon Mutating DAC And MAC Security Policies: A Generic Metamodel Based Approach Proceedings of the 1st International Modeling Security Workshop, Toulouse, France, 28th September 2008. |
|
| Abstract: We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model—and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points. |
| @INPROCEEDINGS{MouelhiFBL08a,
author = {Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry and Yves Le Traon},
title = {Mutating DAC And MAC Security Policies: A Generic Metamodel Based Approach},
booktitle = {Proceedings of the 1st International Modeling Security Workshop},
year = {2008},
address = {Toulouse, France},
month = {28th September},
pages = {}
} |
8 | Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry A Generic Metamodel For Security Policies Mutation First International Conference on Software Testing Verification and Validation, {ICST} 2008, Lillehammer, Norway, April 9-11, 2008, Workshops Proceedings, 2008. |
|
| Abstract: Available soon... |
| @INPROCEEDINGS{mouelhi_icst_08,
author = {Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry},
title = {A Generic Metamodel For Security Policies Mutation},
booktitle = {First International Conference on Software Testing Verification and Validation, {ICST} 2008, Lillehammer, Norway, April 9-11, 2008, Workshops Proceedings},
year = {2008},
address = {},
month = {},
pages = {278--286}
} |
9 | Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry and Yves Le Traon A Model-based Framework for Security Policies Specifications, Deployment and Testing Proceedings of the 11th International Conference on Model Driven Engineering Languages and Systems (MoDELS'08), Toulouse, France, 28 September - 1 October 2008. |
|
| Abstract: We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model—and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points. |
| @INPROCEEDINGS{MouelhiFBL08,
author = {Tejeddine Mouelhi and Franck Fleurey and Benoit Baudry and Yves Le Traon},
title = {A Model-based Framework for Security Policies Specifications, Deployment and Testing},
booktitle = {Proceedings of the 11th International Conference on Model Driven Engineering Languages and Systems (MoDELS'08)},
year = {2008},
address = {Toulouse, France},
month = {28 September - 1 October},
pages = {537–552}
} |
10 | Alexander Pretschner and Tejeddine Mouelhi and Yves Le Traon Model-Based Tests for Access Control Policies Proceedings of the 1st International Conference on Software Testing, Verification, and Validation (ICST '08), Lillehammer, Norway, 9-11 April 2008. |
|
| Abstract: We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model—and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points. |
| @INPROCEEDINGS{PretschnerMT08,
author = {Alexander Pretschner and Tejeddine Mouelhi and Yves Le Traon},
title = {Model-Based Tests for Access Control Policies},
booktitle = {Proceedings of the 1st International Conference on Software Testing, Verification, and Validation (ICST '08)},
year = {2008},
address = {Lillehammer, Norway},
month = {9-11 April},
pages = {338-347}
} |
11 | Yves Le Traon and Tejeddine Mouelhi and Benoit Baudry Testing Security Policies: Going Beyond Functional Testing The 18th IEEE International Symposium on Software Reliability, Trollhättan, Sweden, 5-9 November 2007. |
|
| Abstract: While important efforts are dedicated to system functional testing, very few works study how to test specifically security mechanisms, implementing a security policy. This paper introduces security policy testing as a specific target for testing. We propose two strategies for producing security policy test cases, depending if they are built in complement of existing functional test cases or independently from them. Indeed, any security policy is strongly connected to system functionality: testing functions includes exercising many security mechanisms. However, testing functionality does not intend at putting to the test security aspects. We thus propose test selection criteria to produce tests from a security policy. To quantify the effectiveness of a set of test cases to detect security policy flaws, we adapt mutation analysis and define security policy mutation operators. A library case study, a 3-tiers architecture, is used to obtain experimental trends. Results confirm that security must become a specific target of testing to reach a satisfying level of confidence in security mechanisms. |
| @INPROCEEDINGS{TraonMB07,
author = {Yves Le Traon and Tejeddine Mouelhi and Benoit Baudry},
title = {Testing Security Policies: Going Beyond Functional Testing},
booktitle = {The 18th IEEE International Symposium on Software Reliability},
year = {2007},
address = {Trollh\"attan, Sweden},
month = {5-9 November},
pages = {93-102}
} |
12 | Tejeddine Mouelhi and Yves Le Traon and Benoit Baudry Mutation Analysis for Security Tests Qualification Proceedings of the 3rd Workshop on Mutation Analysis (MUTATION'07), Windsor, UK, 10-14 September 2007. |
|
| Abstract: In this paper, we study how mutation analysis can be adapted to qualify test cases aiming at testing a security policy. The objective is to make test cases efficient to reveal erroneous implementations of a security policy. The notion of security policy testing is studied and mutation operators are defined in relation with the security rules. To make the approach applicable in practice we discuss and empirically rank the security mutation operators from the most to the least difficult to kill. The empirical study is a library software, which is implemented with a typical 3-tier architecture. |
| @INPROCEEDINGS{MouelhiTB07,
author = {Tejeddine Mouelhi and Yves Le Traon and Benoit Baudry},
title = {Mutation Analysis for Security Tests Qualification},
booktitle = {Proceedings of the 3rd Workshop on Mutation Analysis (MUTATION'07)},
year = {2007},
address = {Windsor, UK},
month = {10-14 September},
pages = {233-242}
} |