Language-specific vs. language-independent approaches: embedding semantics on a metamodel for testing and verifying access control policies

Abstract : in this paper, we study an issue related to the abstraction level of a meta-model through the example of a model-driven approach for specifying, deploying and testing security policies in Java applications. The issue we focus on is the balance between a 'generic' meta-model and the semantics we want to attach to it, which has to be precise enough. The goal of the original work was to present a full MDE process to check the consistency of a security policy and generate qualification criteria for the test cases testing the security mechanisms in the final code. The most original idea is that security policy is specified independently of the underlying access control language (OrBAC, RBAC, DAC or MAC). It is based on a generic security meta-model which can be used for early consistency checks in the security policy. We qualify the test cases that validate the security policy in the application with a fault injection technique, mutation applied to access control policies. In the empirical results on 3 case studies, we explore the advantages and limitations of the mutation operators and verification checks whose semantics is defined on the meta-model. The overall question we address is not the feasibility of the approach as shown in our previous work but the quality of a metamodel for test and verification purpose.
Document type :
Conference papers
Complete list of metadatas

Cited literature [11 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-00498383
Contributor : Bibliothèque Télécom Bretagne <>
Submitted on : Wednesday, July 7, 2010 - 1:26:56 PM
Last modification on : Monday, February 25, 2019 - 3:14:04 PM
Long-term archiving on : Friday, October 8, 2010 - 9:31:32 AM

File

LeTraon-QuoMBaT.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00498383, version 1

Citation

Yves Le Traon, Tejeddine Mouelhi, Franck Fleurey, Benoit Baudry. Language-specific vs. language-independent approaches: embedding semantics on a metamodel for testing and verifying access control policies. Workshop on Quality of Model-Based Testing (QuoMBaT), Apr 2010, Paris, France. ⟨hal-00498383⟩

Share

Metrics

Record views

820

Files downloads

265