首页    期刊浏览 2024年12月03日 星期二
登录注册

文章基本信息

  • 标题:Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph
  • 本地全文:下载
  • 作者:Yousef Khdairat ; Khair Eddin Sabri
  • 期刊名称:Journal of Software
  • 印刷版ISSN:1796-217X
  • 出版年度:2018
  • 卷号:13
  • 期号:9
  • 页码:497-505
  • DOI:10.17706/jsw.13.9.497-505
  • 出版社:Academy Publisher
  • 摘要:Role-based access control is one of the fundamental security models used to ensure the confidentiality and integrity of information by specifying policies and enforcing them through mechanisms. Usually, authorization constraints are defined on policies to enforce some regulations such as a user cannot be assigned to two conflicting roles. Once the RBAC mechanisms are implemented in a system, testing is performed to ensure the correctness of the implementation. Black-box testing is one approach for software testing where test cases are generatedfrom the specification. The challenge of this approach is the huge number of test cases that can be generated. This paper aims at reducing the number of test cases required to test the implementation of RBAC system. To achieve that, we use a cause-effect graph to specify policies, and then link authorization constraints to the cause-effect graph constraints. The specification of constraints within the cause-effect graph allows reducing the number of test cases by removing the useless cases due to authorization constraints. We illustrate our technique through an illustrative example with the aid of the BenderRBT tool. The results show that the number of test cases is significantly reduced.
  • 其他关键词:Access control policy, Authorization constraints, Black box testing, cause-effect graph, Information security, role-based access control
国家哲学社会科学文献中心版权所有