JSW 2018 Vol.13(9): 497-505 ISSN: 1796-217X
doi: 10.17706/jsw.13.9.497-505
doi: 10.17706/jsw.13.9.497-505
Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph
Yousef Khdairat, Khair Eddin Sabri*
Computer Science Department, King Abdullah II School of Information Technology, The University of Jordan, Amman, Jordan
Abstract— Role-based access control is one of the fundamental security models used to ensure the confidentiality and integrity of information by specifying policies and enforcing them through mechanisms. Usually, authorization constraints are defined on policies to enforce some regulations such as a user cannot be assigned to two conflicting roles. Once the RBAC mechanisms are implemented in a system, testing is performed to ensure the correctness of the implementation. Black-box testing is one approach for software testing where test cases are generatedfrom the specification. The challenge of this approach is the huge number of test cases that can be generated. This paper aims at reducing the number of test cases required to test the implementation of RBAC system. To achieve that, we use a cause-effect graph to specify policies, and then link authorization constraints to the cause-effect graph constraints. The specification of constraints within the cause-effect graph allows reducing the number of test cases by removing the useless cases due to authorization constraints. We illustrate our technique through an illustrative example with the aid of the BenderRBT tool. The results show that the number of test cases is significantly reduced.
Index Terms—Access control policy, Authorizationconstraints, Black box testing, cause-effect graph, Information security, role-based access control.
Abstract— Role-based access control is one of the fundamental security models used to ensure the confidentiality and integrity of information by specifying policies and enforcing them through mechanisms. Usually, authorization constraints are defined on policies to enforce some regulations such as a user cannot be assigned to two conflicting roles. Once the RBAC mechanisms are implemented in a system, testing is performed to ensure the correctness of the implementation. Black-box testing is one approach for software testing where test cases are generatedfrom the specification. The challenge of this approach is the huge number of test cases that can be generated. This paper aims at reducing the number of test cases required to test the implementation of RBAC system. To achieve that, we use a cause-effect graph to specify policies, and then link authorization constraints to the cause-effect graph constraints. The specification of constraints within the cause-effect graph allows reducing the number of test cases by removing the useless cases due to authorization constraints. We illustrate our technique through an illustrative example with the aid of the BenderRBT tool. The results show that the number of test cases is significantly reduced.
Index Terms—Access control policy, Authorizationconstraints, Black box testing, cause-effect graph, Information security, role-based access control.
Cite: Yousef Khdairat, Khair Eddin Sabri, "Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph," Journal of Software vol. 13, no. 9, pp. 497-505, 2018.
General Information
ISSN: 1796-217X (Online)
Frequency: Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKI, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsweditorialoffice@gmail.com
-
Mar 01, 2024 News!
Vol 19, No 1 has been published with online version [Click]
-
Jan 04, 2024 News!
JSW will adopt Article-by-Article Work Flow
-
Apr 01, 2024 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Apr 01, 2024 News!
Papers published in JSW Vol 18, No 1- Vol 18, No 6 have been indexed by DBLP [Click]
-
Nov 02, 2023 News!
Vol 18, No 4 has been published with online version [Click]