Selective Regression Test for Access Control System Employing RBAC

Cited by: 0
Authors
Huang, Chao [1 ]
Sun, Jianling [1 ]
Wang, Xinyu [1 ]
Si, Yuanjie [1 ]
Affiliation
[1] Zhejiang Univ, Coll Comp, Hangzhou 310030, Zhejiang, Peoples R China
Keywords
RBAC; regression test; test selection; security; policy verification;
DOI
Not available
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
This paper provides a selective regression test method for access control systems that employ a role-based access control (RBAC) policy. Access control regression testing is always tedious and error-prone for financial systems involving complicated constraints, like separation of duty and cardinality constraints. We give the formal definition of RBAC policy change, then propose a test selection framework via policy change and change propagation analysis. Our method provides confidence that it is only necessary to exercise the selected test cases to guarantee that the access control of the system is not broken for the new release. We also describe SACRT, an access control regression test tool which realizes our framework. According to our practical application experience in realistic financial systems, SACRT demonstrates effectiveness in reducing the size of the access control regression test suite.
Pages: 70 / 79
Number of pages: 10
Related papers
50 in total
  • [41] I-RBAC: An identity& role based access control model
    Wang, Jin
    Li, Qiang
    Li, Daxing
    2007 IEEE INTERNATIONAL CONFERENCE ON CONTROL AND AUTOMATION, VOLS 1-7, 2007, : 1176 - +
  • [42] uT-RBAC: Ubiquitous role-based access control model
    Chae, SH
    Kim, W
    Kim, DK
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2006, E89A (01): : 238 - 239
  • [43] Integrating attribute and status constraint into the RBAC model for access control in ubiquitous systems
    Zou, Deqing
    Park, Jong Hyuk
    Kim, Tai-hoon
    Chen, Xueguang
    PROCEEDINGS OF FUTURE GENERATION COMMUNICATION AND NETWORKING, WORKSHOP PAPERS, VOL 2, 2007, : 71 - +
  • [44] I-RBAC: Isolation Enabled Role-Based Access Control
    Gunti, Nagajyothi
    Sun, Weiqing
    Niamat, Mohammed
    2011 NINTH ANNUAL INTERNATIONAL CONFERENCE ON PRIVACY, SECURITY AND TRUST, 2011, : 79 - 86
  • [45] GenericWA-RBAC: Role based access control model for web applications
    Bammigatti, Prasanna H.
    Rao, P. R.
    ICIT 2006: 9TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY, PROCEEDINGS, 2006, : 237 - 240
  • [46] A Flexible Access Control Model for Dynamic Workflow Using Extended WAM and RBAC
    Yang, Le
    Choi, Yongsun
    COMPUTER SUPPORTED COOPERATIVE WORK IN DESIGN IV, 2008, 5236 : 488 - 497
  • [47] Towards Attribute-Centric Access Control: an ABAC versus RBAC argument
    Fatima, Arjumand
    Ghazi, Yumna
    Shibli, Muhammad Awais
    Abassi, Abdul Ghafoor
    SECURITY AND COMMUNICATION NETWORKS, 2016, 9 (16) : 3152 - 3166
  • [48] The Model of Access Control of E-business Website based on PMI/RBAC
    Wu, Peng
    Wang, Zhao
    Wan, Jiexi
    ITCS: 2009 INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND COMPUTER SCIENCE, PROCEEDINGS, VOL 2, PROCEEDINGS, 2009, : 246 - 249
  • [49] Research on the Fine-Grained Access Control based -on RBAC on the trusted domain
    Wan Ai-Xia
    2011 INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTATION AND INDUSTRIAL APPLICATION (ICIA2011), VOL II, 2011, : 236 - 239
  • [50] RBAC-PAT: A Policy Analysis Tool for Role Based Access Control
    Gofman, Mikhail I.
    Luo, Ruiqi
    Solomon, Ayla C.
    Zhang, Yingbin
    Yang, Ping
    Stoller, Scott D.
    TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS, PROCEEDINGS, 2009, 5505 : 46 - +