Hardware-based security solutions involve adding some physical device such as a dedicated firewall to protect the network, or a smart card reader for logon authentication. Section 6 discusses future research challenges and finally Section 7 concludes this work. Section 5 gives an overview of usage control testing. Section 4 outlines the research proposals in each step of common testing processes. In Section 3, we go through the different approaches for access control testing, classified according to test targets. In Section 2, we give an overview of access control concepts and mechanisms by focusing on the XACML policy model. The remainder of this chapter is organized as follows. We conclude this chapter by discussing the main security testing challenges that are worth exploring in the near future. Third, we describe ongoing research that extends the work on access control testing to encompass usage control testing. Second, we provide an overall view of international projects which tackled security testing and the emerging commercial products for security testing. This book chapter goes first through the overall testing process by providing a detailed description of existing research contributions that aim at generating, selecting, prioritizing, and assessing test cases. Test assessment also makes it possible to evaluate the fault-detection capability of test cases. Finally, once tests are executed and their verdict is checked, we need to assess the quality of these tests to provide a guarantee that the test suite is of high quality. When prioritizing tests, the tests that have the highest priority are executed first until the resources that are available for testing such as time or budget are consumed. Commonly, there are two options, either selecting a fixed number of tests or ordering (prioritizing) tests.
The subset of test cases to be run is defined based on business-related criteria according to available budget, computing resources, and the time allocated to testing. Due to budget, time, and resource constraints, testers have to choose the tests that have to be run among all the generated tests. This book chapter explores the landscape of access control testing and shows advances in access control testing approaches. Based on real-world applications, a large number of test cases are generated. It ensures that only eligible users are able to access protected resources in a given system. Testing these security mechanisms is very important in order to avoid ending up with security flaws inside the system or the application. Access control is one of the major and the most critical security mechanisms. As a matter of fact, it is crucial to guarantee that the security mechanisms that are in place are correctly implemented. In parallel to the emergence of security concerns, security testing has also gained considerable interest as it has to be developed conjointly with software security hardening. Several researchers have explored this topic by providing new solutions in terms of security modeling, security features development, and the specification and implementation of the security mechanisms that have to be embedded in software systems. In the last decades, we have witnessed an increasing interest in the security testing research area. Software security is one major concern that is required to build trustworthy software systems. Yves Le Traon, in Advances in Computers, 2015 1 Introduction