A Fault Model and Mutation Testing of Access Control Policies
2013-05-02 16:33
Evan Martin and Tao Xie, WWW 2007
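What the paper does:
This paper investigates mutation analysis for access control policies. Mutation analysis is well established in program testing, but little research has so far addressed mutation analysis of access control policies. The paper centers on two questions: what fault model should be defined for access control policies, and whether that fault model can effectively evaluate test cases (in access control policy testing, a test case is a request). The authors propose three policy coverage criteria and two test generation methods, and use them to explore the relationship between the policy coverage achieved by the generated test cases and their fault-detection capability.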
Mutation operators
The table above lists the 11 mutation operators the authors define. All of them are designed for XACML and include, for example, modification of a decision.
Coverage criteria
Policy coverage: a policy is covered by a request if the policy is applicable to that request.
Rule coverage: a rule is covered by a request if the rule is applicable to that request.
Condition coverage: The evaluation of the condition for a rule has two outcomes, true and false, which are called the true condition and the false condition, respectively. A true (false) condition for a rule is covered by a request if the rule is covered by the request and the condition is evaluated to be true (false).
Test generation
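Random Test Generation: requests are generated at random over attribute values. Specifically, a request is a vector in which every dimension is 0 or 1: 1 if the attribute is selected, 0 otherwise.
Test Generation via Change-Impact Analysis: this uses the change-impact analysis capability of the Margrave tool. Another version of the target policy (rule) is generated first, and Margrave then produces a counterexample request, which is a request that covers the target policy (rule).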
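The following added example (not code from the paper or from the original post) ties the pieces above together: random 0/1-vector requests, rule coverage, and a mutant-kill ratio for one decision-flipping mutation operator. The toy policy, its attribute names, the first-applicable combining of rules, and all function names are assumptions made for illustration.

```python
import random
from itertools import product

# Constructed toy policy (not from the paper), first-applicable combining.
# Rule = (effect, target attribute values, condition over the request).
ATTRS = ["role=faculty", "role=student", "res=grades", "act=write"]
POLICY = [
    ("Permit", {"role=faculty", "res=grades"}, lambda r: True),
    ("Permit", {"role=student", "res=grades"}, lambda r: "act=write" not in r),
    ("Deny", {"res=grades"}, lambda r: True),
]

def evaluate(policy, request):
    """Return (decision, set of covered rule indexes) for one request."""
    covered = set()
    for i, (effect, target, cond) in enumerate(policy):
        if target <= request:      # rule applies to the request: covered
            covered.add(i)
            if cond(request):      # true condition: this rule decides
                return effect, covered
    return "NotApplicable", covered

def random_requests(n, seed=0):
    """Random generation: each request is a 0/1 vector over ATTRS."""
    rng = random.Random(seed)
    return [frozenset(a for a in ATTRS if rng.randint(0, 1)) for _ in range(n)]

def all_requests():
    # Exhaustive baseline: every possible 0/1 vector over ATTRS.
    return [frozenset(a for a, bit in zip(ATTRS, bits) if bit)
            for bits in product((0, 1), repeat=len(ATTRS))]

def effect_mutants(policy):
    """One mutant per rule, with that rule's decision flipped."""
    flip = {"Permit": "Deny", "Deny": "Permit"}
    return [policy[:i] + [(flip[e], t, c)] + policy[i + 1:]
            for i, (e, t, c) in enumerate(policy)]

def rule_coverage(policy, requests):
    covered = set().union(*(evaluate(policy, r)[1] for r in requests))
    return len(covered) / len(policy)

def kill_ratio(policy, requests):
    """Fraction of mutants that some request distinguishes from the original."""
    mutants = effect_mutants(policy)
    killed = sum(any(evaluate(m, r)[0] != evaluate(policy, r)[0] for r in requests)
                 for m in mutants)
    return killed / len(mutants)
```

A request such as student + grades + write covers the second rule, but only through its false condition, so the mutant of that rule survives: rule coverage alone does not guarantee that a fault in the rule is detected.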
Contributions of the paper:
1. Proposes a fault model for access control policies;
2. Develops a tool that automatically generates mutant policies;