author was on sabbatical leave at ENST Bretagne. Financial and organizational support is gratefully acknowledged. We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model—and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the polic...
In access control systems, aimed at regulating the accesses to protected data and resources, a criti...
Abstract: This paper is about generating security tests from the Common Criteria expression of a sec...
Peer reviewed. XACML is the de facto standard for implementing access control policies. Testing the co...
International audience. We present a model-based approach to testing access control requirements. By u...
Access control policies in software systems can be implemented incorrectly for various reasons. This...
Conformance testing procedures for generating tests from the finite state model representation of Ro...
Previous access control policy testing techniques: ineffective, failing to cover important rules. Co...
Peer reviewed. Access control policies in software systems can be implemented incorrectly for various ...
Access control is essential for safe and secure access to software and hardware resources. Operating...
Access control policies are increasingly written in specification languages such as XACML. A dedica...
Context: In modern pervasive applications, it is important to validate access control mechanisms tha...
Any type of system having different users needs to have an access control system for authorized acce...
Abstract—A policy-based access control architecture comprises Policy Enforcement Points (PEPs), whi...
We explain how a parameterized model checking technique can be exploited to mechanize the analysis o...
International audience. If access control policy decision points are not neatly separated from the bus...