CNR Institutional Research Information System

The implementation of an authorization system is a difficult and error-prone activity that requires a careful verification and testing process. In this paper, we focus on testing the implementation of the PolPA authorization system and in particular its Policy Decision Point (PDP), used to define whether an access should be allowed or not. Thus exploiting the PolPA policy specification, we present a fault model and a test strategy able to highlight the problems, vulnerabilities and faults that could occur during the PDP implementation, and a testing framework for the automatic generation of a test suite that covers the fault model. Preliminary results of the test framework application to a realistic case study are presented

Testing of PolPA Authorization Systems

Bertolino A;Daoudagh S;Lonetti F;Marchetti E;Martinelli F;Mori P
2012

Abstract

The implementation of an authorization system is a difficult and error-prone activity that requires a careful verification and testing process. In this paper, we focus on testing the implementation of the PolPA authorization system and in particular its Policy Decision Point (PDP), used to define whether an access should be allowed or not. Thus exploiting the PolPA policy specification, we present a fault model and a test strategy able to highlight the problems, vulnerabilities and faults that could occur during the PDP implementation, and a testing framework for the automatic generation of a test suite that covers the fault model. Preliminary results of the test framework application to a realistic case study are presented
2012
Istituto di informatica e telematica - IIT
Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI
Inglese
Automation of Software Test (AST), 2012 7th International Workshop on
2012 7th International Workshop on Automation of Software Test, AST 2012
8
14
7
978-1-4673-1821-1
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6228997
IEEE, Institute of electrical and electronics engineers
New York
STATI UNITI D'AMERICA
Sì, ma tipo non specificato
2-3 June 2012
Zurich, Switzerland
Authorization systems
Grant agreement256980 Tipo ProgettoEU_FP7
2-s2.0-84864272683
1
6
restricted
Bertolino, A; Daoudagh, S; Lonetti, F; Marchetti, E; Martinelli, F; Mori, P
273
info:eu-repo/semantics/conferenceObject
04 Contributo in convegno::04.01 Contributo in Atti di convegno
   Network of Excellence on Engineering Secure Future Internet Software Services and Systems
   NESSOS
   FP7
   256980
04.01 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
prod_221742-doc_52793.pdf

solo utenti autorizzati

Descrizione: Testing of PolPA Authorization Systems
Tipologia: Versione Editoriale (PDF)
Dimensione 219.01 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
219.01 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/130244
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 11
  • ???jsp.display-item.citation.isi??? ND
social impact