Test Generation from Security Policies Specified in Or-BAC

Abstract

Security policy testing is a practical way to ensure security policies are correctly implemented in information or networking systems with a certain level of confidence. In this paper, we adapt model based testing techniques for formal models of security policies, and propose a two stage approach to produce test cases from a security policy specified in Or-BAC, i.e., test purpose generation from Or-BAC rules, and test case generation from test purposes.

DOI: 10.1109/COMPSAC.2007.210

4 Figures and Tables

Cite this paper

@article{Li2007TestGF, title={Test Generation from Security Policies Specified in Or-BAC}, author={Keqin Li and Laurent Mounier and Roland Groz}, journal={31st Annual International Computer Software and Applications Conference (COMPSAC 2007)}, year={2007}, volume={2}, pages={255-260} }