by Tejeddine Mouelhi, Yves Le Traon, Benoit Baudry
Abstract:
In this paper, we study how mutation analysis can be adapted to qualify test cases aiming at testing a security policy. The objective is to make test cases efficient to reveal erroneous implementations of a security policy. The notion of security policy testing is studied and mutation operators are defined in relation with the security rules. To make the approach applicable in practice, we discuss and empirically rank the security mutation operators from the most to the least difficult to kill. The empirical study is a library software, which is implemented with a typical 3-tier architecture.
Reference:
Mutation analysis for security tests qualification (Tejeddine Mouelhi, Yves Le Traon, Benoit Baudry), In Proceedings of the workshop on mutation analysis at TAIC-Part 2007, 2007.
Bibtex Entry:
@inproceedings{mouelhi07a,
  Abstract = {In this paper, we study how mutation analysis can be adapted to qualify test cases aiming at testing a security policy. The objective is to make test cases efficient to reveal erroneous implementations of a security policy. The notion of security policy testing is studied and mutation operators are defined in relation with the security rules. To make the approach applicable in practice, we discuss and empirically rank the security mutation operators from the most to the least difficult to kill. The empirical study is a library software, which is implemented with a typical 3-tier architecture.},
  Address = {Cumberland Lodge, Windsor, UK},
  keywords = {test, security},
  Author = {Mouelhi, Tejeddine and Le Traon, Yves and Baudry, Benoit},
  Booktitle = {Proceedings of the workshop on mutation analysis at TAIC-Part 2007},
  Title = {Mutation analysis for security tests qualification},
  url = {http://www.irisa.fr/triskell/publis/2007/mouelhi07a.pdf},
  X-Country = {UK},
  X-International-Audience = {yes},
  X-Language = {EN},
  X-Proceedings = {yes},
  Year = {2007},
  x-abbrv = {Mutation},
}