Volume 13 Number 9 (Sep. 2018)
Home > Archive > 2018 > Volume 13 Number 9 (Sep. 2018) >
JSW 2018 Vol.13(9): 497-505 ISSN: 1796-217X
doi: 10.17706/jsw.13.9.497-505

Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph

Yousef Khdairat, Khair Eddin Sabri*
Computer Science Department, King Abdullah II School of Information Technology, The University of Jordan, Amman, Jordan

Abstract— Role-based access control is one of the fundamental security models used to ensure the confidentiality and integrity of information by specifying policies and enforcing them through mechanisms. Usually, authorization constraints are defined on policies to enforce some regulations such as a user cannot be assigned to two conflicting roles. Once the RBAC mechanisms are implemented in a system, testing is performed to ensure the correctness of the implementation. Black-box testing is one approach for software testing where test cases are generatedfrom the specification. The challenge of this approach is the huge number of test cases that can be generated. This paper aims at reducing the number of test cases required to test the implementation of RBAC system. To achieve that, we use a cause-effect graph to specify policies, and then link authorization constraints to the cause-effect graph constraints. The specification of constraints within the cause-effect graph allows reducing the number of test cases by removing the useless cases due to authorization constraints. We illustrate our technique through an illustrative example with the aid of the BenderRBT tool. The results show that the number of test cases is significantly reduced.

Index Terms—Access control policy, Authorizationconstraints, Black box testing, cause-effect graph, Information security, role-based access control.

[PDF]

Cite: Yousef Khdairat, Khair Eddin Sabri, "Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph," Journal of Software vol. 13, no. 9, pp. 497-505, 2018.

General Information

ISSN: 1796-217X
Frequency: Monthly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, CNKI,etc
E-mail: jsw@iap.org
  • Sep 21, 2018 News!

    Papers published in JSW Vol. 13, No. 1- Vol. 13 No. 8 have been indexed by DBLP.    [Click]

  • Aug 24, 2018 News!

    Vol.12, No.8- Vol.13, No.5 has been indexed by EI (Inspec).   [Click]

  • Aug 01, 2018 News!

    [CFP] 2018 the annual meeting of JSW Editorial Board, ICSTE 2018, will be held in Kuala Lumpur, Malaysia, October 27-29, 2018.   [Click]

  • Sep 29, 2018 News!

    The papers published in Vol.13, No. 9 have all received dois from Crossref. 

  • Sep 21, 2018 News!

    Vol 13, No. 9 has been published with online version 4 original aritcles from 3 countries are published in this issue.     [Click]