«

»

Mutation analysis for security tests qualification

by Tejeddine Mouelhi, Yves Le Traon, Benoit Baudry
Abstract:
In this paper, we study how mutation analysis can be adapted to qualify test cases aiming at testing a security policy. The objective is to make test cases efficient to reveal erroneous implementations of a security policy. The notion of security policy testing is studied and mutation operators are defined in relation with the security rules. To make the approach applicable in practice we discus and empirically rank the security mutation operators from the most to the least difficult to kill. The empirical study is a library software, which is implemented with a typical 3-tiers architecture.
Reference:
Mutation analysis for security tests qualification (Tejeddine Mouelhi, Yves Le Traon, Benoit Baudry), In Proceedings of the workshop on mutation analysis at TAIC-Part 2007, 2007.
Bibtex Entry:
@inproceedings{mouelhi07a,
	Abstract = {In this paper, we study how mutation
  analysis can be adapted to qualify test cases aiming at
  testing a security policy. The objective is to make test
  cases efficient to reveal erroneous implementations of
  a security policy. The notion of security policy testing
  is studied and mutation operators are defined in
  relation with the security rules. To make the approach
  applicable in practice we discus and empirically rank
  the security mutation operators from the most to the
  least difficult to kill. The empirical study is a library
  software, which is implemented with a typical 3-tiers
  architecture.},
	Address = {Cumberland Lodge, Windsor, UK},
	keywords = {test, security},
	Author = {Mouelhi, Tejeddine and Le Traon, Yves and Baudry, Benoit},
	Booktitle = {Proceedings of the workshop on mutation analysis at TAIC-Part 2007},
	Title = {Mutation analysis for security tests qualification},
	url = {http://www.irisa.fr/triskell/publis/2007/mouelhi07a.pdf},
	X-Country = {UK},
	X-International-Audience = {yes},
	X-Language = {EN},
	X-Proceedings = {yes},
	Year = {2007},
	x-abbrv = {Mutation},
	}