Conference: Third International Conference on Software Testing, Verification, and Validation—Workshops

Language-Specific vs. Language-Independent Approaches: Embedding Semantics on a Metamodel for Testing and Verifying Access Control Policies


Abstract

In this paper, we study an issue related to the abstraction level of a meta-model through the example of a model-driven approach for specifying, deploying and testing security policies in Java applications. The issue we focus on is the balance between a "generic" meta-model and the semantics we want to attach to it, which has to be precise enough. The goal of the original work was to present a full MDE process to check the consistency of a security policy and generate qualification criteria for the test cases testing the security mechanisms in the final code. The most original idea is that security policy is specified independently of the underlying access control language (OrBAC, RBAC, DAC or MAC). It is based on a generic security meta-model which can be used for early consistency checks in the security policy. We qualify the test cases that validate the security policy in the application with a fault injection technique, mutation applied to access control policies. In the empirical results on 3 case studies, we explore the advantages and limitations of the mutation operators and verification checks whose semantics is defined on the meta-model. The overall question we address is not the feasibility of the approach as shown in our previous work but the quality of a metamodel for test and verification purpose.

Bibliographic record

  • Conference location: Paris (FR)
  • Issue Date: 6-10 April 2010
  • On page(s): 72 - 79
  • Location: Paris, France
  • Print ISBN: 978-1-4244-6773-0
  • Digital Object Identifier: 10.1109/ICSTW.2010.67 (http://dx.doi.org/10.1109/ICSTW.2010.67)
  • Date of Current Version: 2010-05-13 13:19:48.0
  • Original format: PDF
  • Text language: eng
  • Chinese Library Classification: TP311.52
