Volume 13 Number 9 (Sep. 2018)
Home > Archive > 2018 > Volume 13 Number 9 (Sep. 2018) >
JSW 2018 Vol.13(9): 497-505 ISSN: 1796-217X
doi: 10.17706/jsw.13.9.497-505

Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph

Yousef Khdairat, Khair Eddin Sabri*
Computer Science Department, King Abdullah II School of Information Technology, The University of Jordan, Amman, Jordan

Abstract— Role-based access control is one of the fundamental security models used to ensure the confidentiality and integrity of information by specifying policies and enforcing them through mechanisms. Usually, authorization constraints are defined on policies to enforce some regulations such as a user cannot be assigned to two conflicting roles. Once the RBAC mechanisms are implemented in a system, testing is performed to ensure the correctness of the implementation. Black-box testing is one approach for software testing where test cases are generatedfrom the specification. The challenge of this approach is the huge number of test cases that can be generated. This paper aims at reducing the number of test cases required to test the implementation of RBAC system. To achieve that, we use a cause-effect graph to specify policies, and then link authorization constraints to the cause-effect graph constraints. The specification of constraints within the cause-effect graph allows reducing the number of test cases by removing the useless cases due to authorization constraints. We illustrate our technique through an illustrative example with the aid of the BenderRBT tool. The results show that the number of test cases is significantly reduced.

Index Terms—Access control policy, Authorizationconstraints, Black box testing, cause-effect graph, Information security, role-based access control.


Cite: Yousef Khdairat, Khair Eddin Sabri, "Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph," Journal of Software vol. 13, no. 9, pp. 497-505, 2018.

General Information

ISSN: 1796-217X (Online)
Frequency:  Bimonthly (Since 2020)
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsw@iap.org
  • Apr 26, 2021 News!

    Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec)     [Click]

  • Jun 22, 2020 News!

    Papers published in JSW Vol 14, No 1- Vol 15 No 4 have been indexed by DBLP     [Click]

  • Sep 13, 2021 News!

    The papers published in Vol 16, No 6 have all received dois from Crossref    [Click]

  • Jan 28, 2021 News!

    [CFP] 2021 the annual meeting of JSW Editorial Board, ICCSM 2021, will be held in Rome, Italy, July 21-23, 2021   [Click]

  • Sep 13, 2021 News!

    Vol 16, No 6 has been published with online version     [Click]