by Tejeddine Mouelhi, Benoit Baudry, Franck Fleurey
Abstract:
We present a new approach for mutation analysis of Security Policies test cases. We propose a metamodel that provides a generic representation of security policies access control models and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiations of this metamodel: we defined policies with RBAC and OrBAC and mutated these policies.
Reference:
A Generic Metamodel For Security Policies Mutation (Tejeddine Mouelhi, Benoit Baudry, Franck Fleurey), In Proceedings of the Security Testing workshop at ICST’08, 2008.
Bibtex Entry:
@inproceedings{mouelhi08e,
  Abstract = {We present a new approach for mutation analysis of Security Policies test cases. We propose a metamodel that provides a generic representation of security policies access control models and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiation of this metamodel: we defined policies with RBAC and OrBAC and mutated these policies.},
  keywords = {test, security},
  Author = {Mouelhi, Tejeddine and Baudry, Benoit and Fleurey, Franck},
  Booktitle = {Proceedings of the Security Testing workshop at ICST'08},
  Title = {A Generic Metamodel For Security Policies Mutation},
  x-abbrv = {SECTEST},
  X-Country = {NO},
  X-International-Audience = {yes},
  X-Language = {EN},
  X-Proceedings = {yes},
  Year = {2008},
  url = {http://www.irisa.fr/triskell/publis/2008/mouelhi08e.pdf}
}