Date post: | 06-Jan-2017 |
Category: |
Software |
Upload: | phu-h-nguyen |
View: | 273 times |
Download: | 0 times |
MUTATION WORKSHOP @ ICST 2013
Testing Delegation Policy via Mutation Analysis
Phu H. Nguyen, Mike Papadakis, and Iram Rubab | March 18, 2013
SnT – Interdisciplinary Centre for Security, Reliability and Trust
University of Luxembourg
www.securityandtrust.lu
OutlineBackground & Motivation
Access Control
Delegation
A motivative example
Formal definitions of Access Control & Delegation Policy modelAC & Delegation Policy model
Advanced Delegation Features
A set of delegation mutant operators
A proof-of-concept implementation & some preliminary results
Conclusion & future work
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 2/22
Background
Access Control (AC)Aims at administering users access to resources by enforcing ACpolicy.
An AC policy consists of a set of AC rules.
DelegationAn important aspect of AC.
Plays a key role in the administration mechanism [BGTCCBB10].
“Normal” users themselves allowed to grant some authorizations bydelegation.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 3/22
Background
Access Control (AC)Aims at administering users access to resources by enforcing ACpolicy.
An AC policy consists of a set of AC rules.
DelegationAn important aspect of AC.
Plays a key role in the administration mechanism [BGTCCBB10].
“Normal” users themselves allowed to grant some authorizations bydelegation.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 3/22
A Motivative Example
Library Management SystemBooks can be borrowed and returned on working days. When thelibrary is closed, users can not borrow books. When a book isalready borrowed, a user can make a reservation for this book.
User accounts managed by an administrator (create, modify andremove accounts for new users). A secretary who can order books,add them in the LMS when they are delivered.
The director of the library has the same accesses than the secretaryand he can also consult the accounts of the employees. Theadministrator and the secretary can consult all accounts of users. Allusers can consult the list of books in the library.
Three types of users: public users who can borrow 5 books for 3weeks, students who can borrow 10 books for 3 weeks and teacherswho can borrow 10 books for 2 months.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 4/22
An Example of AC policy
AC policyEntities: roles, activities, views and contexts.
Policy: combinations of the entities with a status (permission/deny).
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 5/22
Some Delegation Situations
Simple delegationThe director delegates her/his permission of consulting personnelaccounts to a secretary during her/his absence.
A secretary delegates her/his role to a librarian.
Library Management System
x add new books x create borrower
account
x consult borrower account
x create borrow account
<<delegatee>>
Librarian (Jane)
Access rights Access rights
<<delegation>>
create borrow account
can access can access
<<delegator>>
Secretary (Alice)
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 6/22
Some Delegation Situations (cont.)
Advanced delegationA secretary transfers her/his role to a librarian.
A secretary is allowed to delegate his/her role to a librarian only andto one librarian at a given time.
The director can delegate, on behalf of a secretary, the secretary’srole to a librarian (e.g. during the secretary’s absence).
If a librarian empowered in role secretary by delegation is no longerable to perform this task, then he/she can/cannot delegate, again,this role to another librarian.
Users can always revoke their own delegations.
The director can revoke users from their delegated roles.
The role administrator is not delegable.
And so on.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 7/22
Formal Definitions
Definition (Access Control Policy Model)Let U be a set of users, P be a set of permissions, and C be a set ofcontexts. An access control policy AC is defined as auser-permission-context assignment relation: AC ✓ U ⇥ P ⇥ C. A user u
is granted permission p in a given context c if and only if (u, p, c) 2 AC.
DelegationBuilt on top of an access control policy.
A delegation policy is composed of delegation rules.Two levels of delegation rules: master-level vs. user-level.
Who has the right to delegate which permission to whom, and in whichcontext.Who is delegating to whom which permission, and in which context.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 8/22
Formal Definitions
Definition (Access Control Policy Model)Let U be a set of users, P be a set of permissions, and C be a set ofcontexts. An access control policy AC is defined as auser-permission-context assignment relation: AC ✓ U ⇥ P ⇥ C. A user u
is granted permission p in a given context c if and only if (u, p, c) 2 AC.
DelegationBuilt on top of an access control policy.
A delegation policy is composed of delegation rules.Two levels of delegation rules: master-level vs. user-level.
Who has the right to delegate which permission to whom, and in whichcontext.Who is delegating to whom which permission, and in which context.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 8/22
Delegation Policy Model
Definition (Master-Level Delegation)
Let U be a set of users, P be a set of permissions, and C be a set ofcontexts. A master-level delegation policy MD is defined as auser-user-permission-context assignment relation: MD ✓ U ⇥ U ⇥ P ⇥ C.A delegation of a permission p from a user u1 to a user u2 in a givencontext c can be performed if and only if (u1, u2, p, c) 2 MD.
Definition (User-Level Delegation)Let U be a set of users, P be a set of permissions, and C be a set ofcontexts. A user-level delegation policy UD is defined as auser-user-permission-context assignment relation: UD ✓ U ⇥ U ⇥ P ⇥ C.A user u2 can have a permission p by delegation from a user u1 in agiven context c if and only if (u1, u2, p, c) 2 UD.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 9/22
Delegation Policy Model
Definition (Master-Level Delegation)
Let U be a set of users, P be a set of permissions, and C be a set ofcontexts. A master-level delegation policy MD is defined as auser-user-permission-context assignment relation: MD ✓ U ⇥ U ⇥ P ⇥ C.A delegation of a permission p from a user u1 to a user u2 in a givencontext c can be performed if and only if (u1, u2, p, c) 2 MD.
Definition (User-Level Delegation)Let U be a set of users, P be a set of permissions, and C be a set ofcontexts. A user-level delegation policy UD is defined as auser-user-permission-context assignment relation: UD ✓ U ⇥ U ⇥ P ⇥ C.A user u2 can have a permission p by delegation from a user u1 in agiven context c if and only if (u1, u2, p, c) 2 UD.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 9/22
Context
Security context associated with AC and Delegation rules [CCB07]The Temporal context that depends on the time at which a subjectis requesting for an access to the system.
The Spatial context that depends on the subject location, e.g. adelegated permission is only active when the delegatee is at office.
The User-declared context that depends on the subject objective(or purpose).
The Prerequisite context saying that a permission is delegated to asubject, but only if some specific conditions (often stored in adatabase) are satisfied, e.g. no more concurrent delegation of aspecific permission allowed exceeding a (predefined) threshold.
The Provisional context that depends on previous actions thesubject has performed in the system.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 10/22
Advanced Delegation Features
Monotonicity of DelegationWhether or not the delegator can still use the permission whiledelegating it.
grantDelegation(u1, u2, p, c) : �pre (u1, p, c) 2 AC ^ (u2, p, c) /2 AC ^ (u1, u2, p, c) 2 MLD
body AC := AC [ {(u2, p, c)}; ULD := ULD [ {(u1, u2, p, c)} endpost (u1, p, c) 2 AC ^ (u2, p, c) 2 AC ^ (u1, u2, p, c) 2 ULD
transferDelegation(u1, u2, p, c) : �pre (u1, p, c) 2 AC ^ (u2, p, c) /2 AC ^ (u1, u2, p, c) 2 MLD
body AC := AC \ {(u1, p, c)}; AC := AC [ {(u2, p, c)};ULD := ULD [ {(u1, u2, p, c)} endpost (u1, p, c) /2 AC ^ (u2, p, c) 2 AC ^ (u1, u2, p, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 11/22
Advanced Delegation Features
Monotonicity of DelegationWhether or not the delegator can still use the permission whiledelegating it.
grantDelegation(u1, u2, p, c) : �pre (u1, p, c) 2 AC ^ (u2, p, c) /2 AC ^ (u1, u2, p, c) 2 MLD
body AC := AC [ {(u2, p, c)}; ULD := ULD [ {(u1, u2, p, c)} endpost (u1, p, c) 2 AC ^ (u2, p, c) 2 AC ^ (u1, u2, p, c) 2 ULD
transferDelegation(u1, u2, p, c) : �pre (u1, p, c) 2 AC ^ (u2, p, c) /2 AC ^ (u1, u2, p, c) 2 MLD
body AC := AC \ {(u1, p, c)}; AC := AC [ {(u2, p, c)};ULD := ULD [ {(u1, u2, p, c)} endpost (u1, p, c) /2 AC ^ (u2, p, c) 2 AC ^ (u1, u2, p, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 11/22
Advanced Delegation Features
Monotonicity of DelegationWhether or not the delegator can still use the permission whiledelegating it.
grantDelegation(u1, u2, p, c) : �pre (u1, p, c) 2 AC ^ (u2, p, c) /2 AC ^ (u1, u2, p, c) 2 MLD
body AC := AC [ {(u2, p, c)}; ULD := ULD [ {(u1, u2, p, c)} endpost (u1, p, c) 2 AC ^ (u2, p, c) 2 AC ^ (u1, u2, p, c) 2 ULD
transferDelegation(u1, u2, p, c) : �pre (u1, p, c) 2 AC ^ (u2, p, c) /2 AC ^ (u1, u2, p, c) 2 MLD
body AC := AC \ {(u1, p, c)}; AC := AC [ {(u2, p, c)};ULD := ULD [ {(u1, u2, p, c)} endpost (u1, p, c) /2 AC ^ (u2, p, c) 2 AC ^ (u1, u2, p, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 11/22
Advanced Delegation Features (cont.)
Temporary DelegationIts context is associated with some time constraint, only active whilethe time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) : �startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some OthersMultiple Delegation
Multi-step Delegation
User-specific Delegation
Revocation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
Advanced Delegation Features (cont.)
Temporary DelegationIts context is associated with some time constraint, only active whilethe time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) : �startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some OthersMultiple Delegation
Multi-step Delegation
User-specific Delegation
Revocation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
Advanced Delegation Features (cont.)
Temporary DelegationIts context is associated with some time constraint, only active whilethe time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) : �startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some OthersMultiple Delegation
Multi-step Delegation
User-specific Delegation
Revocation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
Advanced Delegation Features (cont.)
Temporary DelegationIts context is associated with some time constraint, only active whilethe time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) : �startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some OthersMultiple Delegation
Multi-step Delegation
User-specific Delegation
Revocation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
Advanced Delegation Features (cont.)
Temporary DelegationIts context is associated with some time constraint, only active whilethe time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) : �startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some OthersMultiple Delegation
Multi-step Delegation
User-specific Delegation
Revocation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
Advanced Delegation Features (cont.)
Temporary DelegationIts context is associated with some time constraint, only active whilethe time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) : �startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some OthersMultiple Delegation
Multi-step Delegation
User-specific Delegation
Revocation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
Delegation Mutant Operators
Role-Based Access Control (RBAC)introduces a set of role
decomposes the relation AC into user-role assignment UR ✓ U ⇥ R,and role-permission-context assignment RPC ✓ R ⇥ P ⇥ C.
Thus, AC = UR � RPC.
Basic Delegation Mutant OperatorsThe Permission Delegation Operator (PDM): to replace thepermission being delegated by another permission of the delegator.
PDM(u1, u2, p1a
, c) : �pre (u1, u2, p1a
, c) 2 ULD ^ (u1, r1) 2 UR ^ (u2, r2) 2UR ^ (r1, p1a
, c) 2 RPC ^ (r1, p1b
, c) 2 RPC
body ULD := ULD \ {(u1, u2, p1a
, c)} [ {(u1, u2, p1b
, c)} ;AC := AC [ {(u2, p1b
, c)} endpost (u2, p1b
, c) 2 AC ^ (u1, u2, p1b
, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 13/22
Delegation Mutant Operators
Role-Based Access Control (RBAC)introduces a set of role
decomposes the relation AC into user-role assignment UR ✓ U ⇥ R,and role-permission-context assignment RPC ✓ R ⇥ P ⇥ C.
Thus, AC = UR � RPC.
Basic Delegation Mutant OperatorsThe Permission Delegation Operator (PDM): to replace thepermission being delegated by another permission of the delegator.
PDM(u1, u2, p1a
, c) : �pre (u1, u2, p1a
, c) 2 ULD ^ (u1, r1) 2 UR ^ (u2, r2) 2UR ^ (r1, p1a
, c) 2 RPC ^ (r1, p1b
, c) 2 RPC
body ULD := ULD \ {(u1, u2, p1a
, c)} [ {(u1, u2, p1b
, c)} ;AC := AC [ {(u2, p1b
, c)} endpost (u2, p1b
, c) 2 AC ^ (u1, u2, p1b
, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 13/22
Basic Delegation Mutant Operators(cont.)
The Role Delegation Operator (RDM)The Role Delegation Operator (RDM) is used to simulate errors indelegation of roles.
RDM(u1, u2, r1, c) : �pre (u1, r1) 2 UR ^ (u2, r2) 2 UR ^ (u3, r3) 2 UR ^ r1 6= r2 6=r3 ^ (u1, u2, r1, c) 2 ULD
body ULD := ULD \ {(u1, u2, r1, c)} [ {(u3, u2, r3, c)} ;UR := UR [ {(u2, r3)} endpost (u2, r3) 2 UR ^ (u3, u2, r3, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 14/22
Advanced Delegation Mutant Operators
Monotonic Delegation OperatorsThe Transfer to Grant Delegation Operator (T2G) and the Grant toTransfer Delegation Operator (G2T).
G2T (u1, u2, p, c&IsMonotonic) : �pre (u1, p, c) 2 AC ^ (u1, u2, p, c&IsMonotonic) 2 ULD
body ULD :=ULD\{(u1, u2, p, c&IsMonotonic)}[{(u1, u2, p, c&IsNonMonotonic)}endpost (u1, p, c) /2 AC ^ (u1, u2, p, c&IsNonMonotonic) 2 ULD
T2G(u1, u2, p, c&IsNonMonotonic) : �pre (u1, p, c) /2 AC ^ (u1, u2, p, c&IsNonMonotonic) 2 ULD
body ULD :=ULD \ {(u1, u2, p, c&IsMonotonic)} [ {(u1, u2, p, c&IsMonotonic)}endpost (u1, p, c) 2 AC ^ (u1, u2, p, c&IsMonotonic) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 15/22
Advanced Delegation Mutant Operators(cont.)
Context-based Delegation Operatorse.g. Temporal Delegation Operator (TDM) to mutate the duration oftemporal delegation.
Role-Specific Delegation OperatorsRole Delegation Off-Target 1 Operator (RDOT1).
Role Delegation Off-Target 2 Operator (RDOT2)
Permission-Specific Delegation OperatorsNon-Delegable Permission Delegation Operator (NDPD) to mutate apermission delegation by changing the delegated permission fromdelegable to non-delegable.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 16/22
Advanced Delegation Mutant Operators(cont.)
Multiple Delegation OperatorMultiple Delegation Operator (MultiD).
Multi-step Delegation OperatorRe-delegation Operator (ReD) add a new delegation rule into thepolicy where the delegating permission/role must not be re-delegatedany more (stepCounter = 0).
Delegation Removal OperatorTests should be able to detect that a delegation rule is missing.
Delegation Removal Operator (DR) that removes one of thedelegation rules.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 17/22
Model-Driven Adaptive Delegation[NNK+13]
Access Control Service
Transformation &
Adaptation
Delegation Management Service
Resource Proxy
Components
Role Proxy Components
User Proxy Components
Business Components
Base model – Business Logic mappings service
Native XML-DB Server
Security policy model
Base model
Business Logic DB Server
Authenticate Component
Adaptive Execution Platform
Business Components Business Logic
Components
Resource Proxy
Components
Role Proxy Components
User Proxy Components
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 18/22
3-Layer Architecture reflecting SecurityPolicy
Personnel Account Service
Borrower Account Service
Book Service
Personnel Account Resource
Borrower Account Resource
Book Resource
Admin
Secretary
Librarian
Director
Student
Sam
Bob
Jane
Bill
Mary
consult
update
delete
create
consult
update
delete
create
deliver
fix
borrow reserve
return
User layer Role layer Resource layer Business layer
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 19/22
Mutation Process
Transform &
adapt
Resource Proxy
Components
Role Proxy Components
User Proxy Components
Business Components
Access Control policy
Business Logic model
Authenticate Component
Adaptive Execution Platform
Business Components
Business Logic
Components
Resource Proxy
Components
Role Proxy Component
s
User Proxy Components
Delegation policy
Test cases
Access Control policy
Mutants Mutants
Mutants
Mutate
Compose
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 20/22
Preliminary Results
Table: Some preliminary mutation analysis results
Test Case Killed Mutants Live MutantsTC1 PDM (wrong permission) RDM (delegator fault)TC2 PDM (wrong permission) RDM (delegator replaced)TC3 T2G (wrong type) PDM, RDM (wrong delegator)TC4 PDM (permission replaced) TDM (CE,CR)TC5 TDM (CE,CR) PDM, RDM
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 21/22
Conclusion
Problem & Proposed SolutionTesting Delegation Policy with Advanced Delegation Features.
Delegation Mutant Operators and Mutation Analysis.
DiscussionSemantic delegation mutant operators are necessary to enablemutation analysis for testing delegation.
“Meaningful” test cases should be generated for testing delegation.
Future workA thorough empirical study using the proposed mutant operators.
Automatically generation of test cases for killing the proposedmutants, based on [PM12, PM11].
The integration of Model-Based Testing.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 22/22
References
Meriam Ben-Ghorbel-Talbi, Frederic Cuppens, Nora Cuppens-Boulahia, and Adel Bouhoula.A delegation model for extended rbac.International Journal of Information Security, 9(3):209–236, June 2010.
Frédéric Cuppens and Nora Cuppens-Boulahia.Modeling contextual security policies.International Journal of Information Security, 7(4):285–305, November 2007.
Phu H. Nguyen, Gregory Nain, Jacques Klein, Tejeddine Mouelhi, and Yves Le Traon.Model-Driven Adaptive Delegation.In Proceedings of the Aspect-Oriented Software Development conference MODULARITY: aosd?13. ACM, 2013.
Mike Papadakis and Nicos Malevris.Automatically performing weak mutation with the aid of symbolic execution, concolic testing and search-based testing.Software Quality Journal, 19(4):691–723, 2011.
Mike Papadakis and Nicos Malevris.Mutation based test case generation via a path selection strategy.Information & Software Technology, 54(9):915–932, 2012.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 22/22
Thanks to the Fonds National de la Recherche (FNR), Luxembourgfor supporting this work!