Selective Regression Test for Access Control System Employing RBAC

Cited by: 0
Authors
Huang, Chao [1 ]
Sun, Jianling [1 ]
Wang, Xinyu [1 ]
Si, Yuanjie [1 ]
Affiliations
[1] Zhejiang Univ, Coll Comp, Hangzhou 310030, Zhejiang, Peoples R China
Keywords
RBAC; regression test; test selection; security; policy verification;
DOI
Not available
Chinese Library Classification
TP3 [Computing technology, computer technology];
Subject classification code
0812;
Abstract
To provide a selective regression test method for the access control systems which employ role based access control (RBAC) policy. Access control regression test is always tedious and error-prone for financial systems involving complicated constraints, like separation of duty and cardinality constraints. We give the formal definition of RBAC policy change, then we propose a test selection framework via policy change and change propagation analysis. Our method provides the confidence that it's only necessary to exercise the selected test cases to guarantee the access control of the system is not broken for the new release. We also describe SACRT, an access control regression test tool which realizes our framework. According to our practical application experience in the realistic financial systems, SACRT demonstrates the effectiveness in reducing the size of the access control regression test suite.
Pages: 70 / 79
Page count: 10
Related papers
50 in total
  • [1] An access control model of workflow system integrating RBAC and TBAC
    Zhou, Xiangning
    Wang, Zhaolong
    INTEGRATION AND INNOVATION ORIENT TO E-SOCIETY, VOL 2, 2007, 252 : 246 - +
  • [2] An access control model of workflow system integrating RBAC and TBAC
    School of Information and Electronic Engineering, ShanDong Institute of Business and Technology, Yantai
    264005, China
    Unknown
    264005, China
    IFIP Advances in Information and Communication Technology, 2007, (246-251)
  • [3] RBAC-Based Access Control Integration Framework for Legacy System
    Guo, He
    Lu, Guoji
    Wang, Yuxin
    Li, Han
    Chen, Xin
    WEB INFORMATION SYSTEMS AND MINING, 2010, 6318 : 194 - +
  • [4] Based on Expand RBAC Grid Collaborative Design System Access Control Model
    Chen, Xuebin
    Duan, Guolin
    Cai, Jin
    ICHIT 2008: INTERNATIONAL CONFERENCE ON CONVERGENCE AND HYBRID INFORMATION TECHNOLOGY, PROCEEDINGS, 2008, : 217 - 221
  • [5] A hybrid RBAC-PBAC access control model for network isolation system
    Wu, Haiyan
    Tan, Chengxiang
    Wang, Haihang
    FIRST INTERNATIONAL WORKSHOP ON KNOWLEDGE DISCOVERY AND DATA MINING, PROCEEDINGS, 2007, : 503 - 508
  • [6] Platform for access control management in information system based on extended RBAC model
    Poniszewska-Maranda, Aneta
    12TH INTERNATIONAL SYMPOSIUM ON SYMBOLIC AND NUMERIC ALGORITHMS FOR SCIENTIFIC COMPUTING (SYNASC 2010), 2011, : 510 - 517
  • [7] Improvement and implementation of RBAC access control model
    Information College, Capital University of Economics and Business, Beijing, China
    Proc. - Int. Conf. Manage. e-Commer. e-Govern., ICMeCG, 1600, (110-115):
  • [8] A design and implementation of data access control in Digital Campus System using the RBAC method
    Liang, Zhenghe
    Huang, XueFeng
    Pan, Lin
    Li, Jiguo
    PROCEEDINGS OF THE 2007 1ST INTERNATIONAL SYMPOSIUM ON INFORMATION TECHNOLOGIES AND APPLICATIONS IN EDUCATION (ISITAE 2007), 2007, : 274 - 277
  • [9] Research and application of access control model OF_RBAC
    Yang, Cai-xia
    Wang, Xiao-hui
    Cao, Min
    2010 INTERNATIONAL CONFERENCE ON MANAGEMENT SCIENCE AND ENGINEERING (MSE 2010), VOL 4, 2010, : 65 - 69
  • [10] Development of a Flexible Access Control Design by Extending RBAC
    Jin, Yulong
    Choi, Yongsun
    Choi, Myeonggil
    Shin, Sangmun
    2006 FIRST INTERNATIONAL CONFERENCE ON COMMUNICATIONS AND NETWORKING IN CHINA, 2006,