by Tejeddine Mouelhi, Yves Le Traon, Benoit Baudry
Abstract:
In this paper, we study how mutation analysis can be adapted to qualify test cases aiming at testing a security policy. The objective is to make test cases efficient to reveal erroneous implementations of a security policy. The notion of security policy testing is studied and mutation operators are defined in relation with the security rules. To make the approach applicable in practice we discus and empirically rank the security mutation operators from the most to the least difficult to kill. The empirical study is a library software, which is implemented with a typical 3-tiers architecture.
Reference:
Mutation analysis for security tests qualification (Tejeddine Mouelhi, Yves Le Traon, Benoit Baudry), In Proceedings of the workshop on mutation analysis at TAIC-Part 2007, 2007.
Bibtex Entry:
@inproceedings{mouelhi07a,
Abstract = {In this paper, we study how mutation
analysis can be adapted to qualify test cases aiming at
testing a security policy. The objective is to make test
cases efficient to reveal erroneous implementations of
a security policy. The notion of security policy testing
is studied and mutation operators are defined in
relation with the security rules. To make the approach
applicable in practice we discus and empirically rank
the security mutation operators from the most to the
least difficult to kill. The empirical study is a library
software, which is implemented with a typical 3-tiers
architecture.},
Address = {Cumberland Lodge, Windsor, UK},
keywords = {test, security},
Author = {Mouelhi, Tejeddine and Le Traon, Yves and Baudry, Benoit},
Booktitle = {Proceedings of the workshop on mutation analysis at TAIC-Part 2007},
Title = {Mutation analysis for security tests qualification},
url = {http://www.irisa.fr/triskell/publis/2007/mouelhi07a.pdf},
X-Country = {UK},
X-International-Audience = {yes},
X-Language = {EN},
X-Proceedings = {yes},
Year = {2007},
x-abbrv = {Mutation},
}
