Author
Ammar Masood, Rafae Bhatti, Arif Ghafoor, Aditya Mathur
Abstract
Conformance testing procedures for generating tests from the finite state model representation of Role
Based Access Control (RBAC) policies are proposed and evaluated. A test suite generated using one of
these procedures has excellent fault detection ability but is astronomically large. Two approaches to reduce
the size of the generated test suite were investigated. One is based on a set of six heuristics and the other
directly generates a test suite from the finite state model using random selection of paths in the policy model.
A fault model specific to the implementations of RBAC systems was used to evaluate the fault detection
effectiveness of the generated test suites; the model incorporates both mutation-based and malicious faults.
Empirical studies revealed that adequacy assessment of test suites using faults that correspond to first-order
mutations may lead to a false sense of confidence in the correctness of policy implementation. The second
approach to test suite generation, combined with one or more heuristics, is most effective in the detection
of both first-order mutation and malicious faults and generates a significantly smaller test suite than the one
generated directly from the finite state models.