Abstract Title

Functional and Access Control Testing of an Attribute Based Access Controlled System

Disciplines

Information Security

Abstract

The Grant Proposal Management System (GPMS) is a secure web-based workflow management system that uses ABAC (Attribute-Based Access Control). ABAC is a fine-grained access control model in which attributes, such as position type or title, are used to restrict who can do what, how and when. In contrast to time-consuming and tedious manual testing, test automation tools such as Selenium allow verification of all possible workflow scenarios in a repeatable manner. Testing the GPMS requires black-box testing of both the software's functional requirements and its policy-based security implementation. Our testing methodology uses a combination of Selenium IDE, Selenium WebDriver, and JUnit. Selenium IDE is a Firefox browser plugin that records user actions on the visible aspects of an application. Selenium WebDriver, by contrast, is an object-oriented API that allows test cases to be written for hidden web elements. The use of logic in each test case, along with the overall flow of information, allows for testing of a secure workflow application.

Comments

Poster #W2

This document is currently not available here.
