Selective Regression Test for Access Control System Employing RBAC

Authors
Huang, Chao [1]
Sun, Jianling [1]
Wang, Xinyu [1]
Si, Yuanjie [1]
Affiliation
[1] Zhejiang Univ, Coll Comp, Hangzhou 310030, Zhejiang, Peoples R China
Keywords
RBAC; regression test; test selection; security; policy verification
DOI
Not available
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
This paper provides a selective regression test method for access control systems that employ a role-based access control (RBAC) policy. Access control regression testing is always tedious and error-prone for financial systems involving complicated constraints, such as separation of duty and cardinality constraints. We give a formal definition of RBAC policy change, then propose a test selection framework based on policy change and change propagation analysis. Our method provides confidence that it is only necessary to exercise the selected test cases to guarantee that the access control of the system is not broken in the new release. We also describe SACRT, an access control regression test tool that realizes our framework. In our practical application experience with real financial systems, SACRT demonstrates its effectiveness in reducing the size of the access control regression test suite.
Pages: 70-79
Number of pages: 10