Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a varie...
Obligations are mandatory actions that users must perform, addressing access control requirements. T...
In access control systems, aimed at regulating the accesses to protected data and resources, a criti...
Any type of system, having different users, need to have a access control system for authorized acce...
peer reviewedAccess control policies in software systems can be implemented incorrectly for various ...
Access control policies in software systems can be implemented incorrectly for various reasons. This...
peer reviewedRole-based access control is an important access control method for securing computer s...
International audienceWe present a model-based approach to testing access control requirements. By u...
Attribute-based access control (ABAC) with obligations is a new technique for achieving fine-grained...
author was on sabbatical leave at ENST Bretagne. Financial and organizational support is gratefully ...
Access control is essential for safe and secure access to software and hardware resources. Operating...
The world\u27s increased dependence on software-enabled systems has raised major concerns about soft...
This thesis focuses on the issue of security testing of web-applications, considering the internal p...
Context: In modern pervasive applications, it is important to validate access control mechanisms tha...
A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are mod...
Testing is the dominant technique for quality assurance of software systems. It typically consumes c...
Obligations are mandatory actions that users must perform, addressing access control requirements. T...
In access control systems, aimed at regulating the accesses to protected data and resources, a criti...
Any type of system, having different users, need to have a access control system for authorized acce...
peer reviewedAccess control policies in software systems can be implemented incorrectly for various ...
Access control policies in software systems can be implemented incorrectly for various reasons. This...
peer reviewedRole-based access control is an important access control method for securing computer s...
International audienceWe present a model-based approach to testing access control requirements. By u...
Attribute-based access control (ABAC) with obligations is a new technique for achieving fine-grained...
author was on sabbatical leave at ENST Bretagne. Financial and organizational support is gratefully ...
Access control is essential for safe and secure access to software and hardware resources. Operating...
The world\u27s increased dependence on software-enabled systems has raised major concerns about soft...
This thesis focuses on the issue of security testing of web-applications, considering the internal p...
Context: In modern pervasive applications, it is important to validate access control mechanisms tha...
A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are mod...
Testing is the dominant technique for quality assurance of software systems. It typically consumes c...
Obligations are mandatory actions that users must perform, addressing access control requirements. T...
In access control systems, aimed at regulating the accesses to protected data and resources, a criti...
Any type of system, having different users, need to have a access control system for authorized acce...