Role-based access control is an important access control method for securing computer systems. A role-based access control policy can be implemented incorrectly due to various reasons, such as programming errors. Defects in the implementation may lead to unauthorized access and security breaches. To reveal access control defects, this paper presents a model-based approach to automated generation of executable access control tests using predicate/transition nets. Role-permission test models are built by integrating declarative access control rules with functional test models or contracts (preconditions and postconditions) of the associated activities (the system functions). The access control tests are generated automatically from the test m...
peer reviewedThe support of obligations with access control policies allows the expression of more s...
Role-based Access Control (RBAC) models are access policies that associate access rights to roles of...
peer reviewedThe support of obligations with access control policies allows the expression of more s...
peer reviewedRole-based access control is an important access control method for securing computer s...
Access control policies in software systems can be implemented incorrectly for various reasons. This...
Access control policies in software systems can be implemented incorrectly for various reasons. This...
Access control is essential for safe and secure access to software and hardware resources. Operating...
Attribute-based access control (ABAC) with obligations is a new technique for achieving fine-grained...
International audienceWe present a model-based approach to testing access control requirements. By u...
peer reviewedAccess control (AC) is an important security mechanism used in software systems to rest...
Conformance testing procedures for generating tests from the finite state model representation of Ro...
An access-control policy is a formal description of the privileges that users have on resources in a...
This technical report details our a semi-automated framework for the reverse-engineering and testing...
This thesis focuses on the issue of security testing of web-applications, considering the internal p...
Access Control (AC) is a major pillar in software security. In short, AC ensures that only intended ...
peer reviewedThe support of obligations with access control policies allows the expression of more s...
Role-based Access Control (RBAC) models are access policies that associate access rights to roles of...
peer reviewedThe support of obligations with access control policies allows the expression of more s...
peer reviewedRole-based access control is an important access control method for securing computer s...
Access control policies in software systems can be implemented incorrectly for various reasons. This...
Access control policies in software systems can be implemented incorrectly for various reasons. This...
Access control is essential for safe and secure access to software and hardware resources. Operating...
Attribute-based access control (ABAC) with obligations is a new technique for achieving fine-grained...
International audienceWe present a model-based approach to testing access control requirements. By u...
peer reviewedAccess control (AC) is an important security mechanism used in software systems to rest...
Conformance testing procedures for generating tests from the finite state model representation of Ro...
An access-control policy is a formal description of the privileges that users have on resources in a...
This technical report details our a semi-automated framework for the reverse-engineering and testing...
This thesis focuses on the issue of security testing of web-applications, considering the internal p...
Access Control (AC) is a major pillar in software security. In short, AC ensures that only intended ...
peer reviewedThe support of obligations with access control policies allows the expression of more s...
Role-based Access Control (RBAC) models are access policies that associate access rights to roles of...
peer reviewedThe support of obligations with access control policies allows the expression of more s...