DSpace@nitr >
National Institue of Technology- Rourkela >
Conference Papers >

Please use this identifier to cite or link to this item: http://hdl.handle.net/2080/1227

Full metadata record

DC FieldValueLanguage
contributor.authorSharma, S-
contributor.authorJena, S K-
identifier.citationProceedings of 12th International Conference on Information Technology, ICIT2009, Dec 21-24, 2009, Bhubaneswar, India, P 60-65en
descriptionCopyright belongs to Proceedings Publisher Tata McGraw-Hillen
description.abstractIn today’s scenario any multiuser system need to implement access control for protecting its resources from unauthorized access or damage. With the help of separate policy specification language we can specify these access control policies. However, it is challenging to specify a correct access control policy and so, it is common for the security of a system to be compromised because of the incorrect specification of these policies. There are many ways in which a policy can be checked for correctness like, formal verification, analysis and testing. In this paper, a testing framework called ACPC (Access Control Policy Checker) has been introduced; we choose to illustrate the above technique using XACML language. We conduct extensive experiments using nine policy sets to evaluate the effectiveness of the above technique. The experimental result shows that ACPC can effectively generate requests to achieve high structural coverage of policies and outperforms random requests generation in terms of policy structural coverage and fault-detection capability. We have used nine mutation operators to make the mutant policy for mutation testing. We found the better result by classify these mutation operator in to three classes. We got up to 98% of mutant killed by one class of mutation operator, these results shows that, above framework generates better request sets and the classification gives better performance in terms of computational cost.en
format.extent946988 bytes-
publisherTata McGraw Hill Education Private Limited, New Delhien
subjectAccess control policiesen
subjecthange-impact analysisen
subjectmutation operatoren
subjectmutation testingen
titleA Fault Model for Testing the Access Control Policies using Classified Mutation Operatoren
typeBook chapteren
Appears in Collections:Conference Papers

Files in This Item:

File Description SizeFormat
Suraj-ICIT09.pdf924KbAdobe PDFView/Open

Show simple item record

All items in DSpace are protected by copyright, with all rights reserved.


Powered by DSpace Feedback