«

»

A Generic Metamodel For Security Policies Mutation

by Tejeddine Mouelhi, Benoit Baudry, Franck Fleurey
Abstract:
We present a new approach for mutation analysis of Security Policies test cases. We propose a metamodel that provides a generic representation of security policies access control models and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiation of this metamodel: we defined policies with RBAC and OrBAC and mutated these policies.
Reference:
A Generic Metamodel For Security Policies Mutation (Tejeddine Mouelhi, Benoit Baudry, Franck Fleurey), In Proceedings of the Security Testing workshop at ICST’08, 2008.
Bibtex Entry:
@inproceedings{mouelhi08e,
	Abstract = {We present a new approach for mutation analysis of Security Policies
	test cases. We propose a metamodel that provides a generic representation
	of security policies access control models and define a set of mutation
	operators at this generic level. We use Kermeta to build the metamodel
	and implement the mutation operators. We also illustrate our approach
	with two successful instantiation of this metamodel: we defined policies
	with RBAC and OrBAC and mutated these policies.},
	keywords = {test, security},
	Author = {Mouelhi, Tejeddine and Baudry, Benoit and Fleurey, Franck},
	Booktitle = {Proceedings of the Security Testing workshop at ICST'08},
	Title = {A Generic Metamodel For Security Policies Mutation},
	x-abbrv = {SECTEST},
	X-Country = {NO},
	X-International-Audience = {yes},
	X-Language = {EN},
	X-Proceedings = {yes},
	Year = {2008},
	url = {http://www.irisa.fr/triskell/publis/2008/mouelhi08e.pdf}}