logo SBA

ETD

Archivio digitale delle tesi discusse presso l’Università di Pisa

Tesi etd-04072017-111322


Tipo di tesi
Tesi di laurea magistrale
Autore
DAOUDAGH, SAID
URN
etd-04072017-111322
Titolo
A Data Warehouse and a Framework for the Validation and Testing of Access Control Systems
Dipartimento
INFORMATICA
Corso di studi
INFORMATICA PER L'ECONOMIA E PER L'AZIENDA (BUSINESS INFORMATICS)
Relatori
relatore Dott.ssa Rosone, Giovanna
correlatore Dott.ssa Marchetti, Eda
correlatore Dott.ssa Lonetti, Francesca
Parole chiave
  • Access Control Systems
  • Data Warehouse
  • Mutation Testing
  • OLAP
  • Testing
  • XACML
Data inizio appello
28/04/2017
Consultabilità
Non consultabile
Data di rilascio
28/04/2087
Riassunto
Context: In modern pervasive applications, it is important to validate access control mechanisms that are usually defined by means of the standard XACML language. Mutation analysis has been applied on access control policies for measuring the adequacy of a test suite.
Objective: This thesis presents (1) a new test case generation strategy, named XACMET, based on the expected behaviour of the Policy Decision Point (PDP), and (2) a testing framework aimed at applying mutation analysis at the level of the Java based PDP engine. A set of Java based mutation operators is selected and applied to the code of the PDP.
Method: We conducted a controlled quasi-experiment considering nine real-world access control policies aiming to evaluate XACMET against a combinatorial approach implemented in X-CREATE (as a baseline).
To assess the different test generation strategies, we use mutation analysis and compute the mutation scores reached by each strategy. This helps assessing the rate of fault detection.
Results: The preliminary results show that XACMET achieves the same fault-detection effectiveness reached by X-CREATE, in almost all cases even employing a smaller number of test requests.
Conclusion: We conclude that the test cases generated by XACMET can be used usefully under budget constraints.
File