Test-Driven Assessment of Access Control in Legacy Applications

Authors: Yves Le Traon, Tejeddine Mouelhi, Alexander Pretschner, Benoit Baudry

DOI: 10.1109/ICST.2008.60


Abstract: If access control policy decision points are not neatly separated from the business logic of a system, security policy evolution likely leads to the necessity of changing the system's code base. This is often the case with legacy systems. We present a test-driven methodology to assess the flexibility property that describes the degree of coupling between the policy and the system. A low flexibility indicates that a policy modification will lead to substantial changes in the code. In this paper, we analyze the notion of flexibility, which is related to the presence of hidden mechanisms implicit in the business logic. We detail how testing can be used for detecting such mechanisms and how it may drive incremental policy evolution. We use several studies to illustrate and validate the methodology.
