Volume 13 Number 9 (Sep. 2018)
Home > Archive > 2018 > Volume 13 Number 9 (Sep. 2018) >
JSW 2018 Vol.13(9): 497-505 ISSN: 1796-217X
doi: 10.17706/jsw.13.9.497-505

Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph

Yousef Khdairat, Khair Eddin Sabri*
Computer Science Department, King Abdullah II School of Information Technology, The University of Jordan, Amman, Jordan

Abstract— Role-based access control is one of the fundamental security models used to ensure the confidentiality and integrity of information by specifying policies and enforcing them through mechanisms. Usually, authorization constraints are defined on policies to enforce some regulations such as a user cannot be assigned to two conflicting roles. Once the RBAC mechanisms are implemented in a system, testing is performed to ensure the correctness of the implementation. Black-box testing is one approach for software testing where test cases are generatedfrom the specification. The challenge of this approach is the huge number of test cases that can be generated. This paper aims at reducing the number of test cases required to test the implementation of RBAC system. To achieve that, we use a cause-effect graph to specify policies, and then link authorization constraints to the cause-effect graph constraints. The specification of constraints within the cause-effect graph allows reducing the number of test cases by removing the useless cases due to authorization constraints. We illustrate our technique through an illustrative example with the aid of the BenderRBT tool. The results show that the number of test cases is significantly reduced.

Index Terms—Access control policy, Authorizationconstraints, Black box testing, cause-effect graph, Information security, role-based access control.


Cite: Yousef Khdairat, Khair Eddin Sabri, "Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph," Journal of Software vol. 13, no. 9, pp. 497-505, 2018.

General Information

ISSN: 1796-217X
Frequency: Monthly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, CNKI,etc
E-mail: jsw@iap.org
  • Jan 11, 2019 News!

    Papers published in JSW Vol. 13, No. 1- Vol. 13 No. 12 have been indexed by DBLP.    [Click]

  • Aug 24, 2018 News!

    Vol.12, No.8- Vol.13, No.5 has been indexed by EI (Inspec).   [Click]

  • Aug 01, 2018 News!

    [CFP] 2019 the annual meeting of JSW Editorial Board, ICCSM 2019, will be held in Barcelona, Spain, July 14-16, 2019.   [Click]

  • Jan 15, 2019 News!

    Welcome Prof. Timothy J Arndt from USA to join the Editorial board of JSW   [Click]

  • Apr 03, 2019 News!

    Vol 14, No. 4 has been published with online version 4 original aritcles from 4 countries are published in this issue.    [Click]