Functional and Access Control Testing of an Attribute Based Access Controlled System
Faculty Mentor Information
Milson Munakami, Dianxiang Xu
Abstract
The Grant Proposal Management System (GPMS) is a secure web-based workflow management system that uses ABAC (Attribute-Based Access Control). ABAC is a fine-grained access control model in which attributes, such as position type or title, are used to restrict who can do what, how, and when. In contrast to time-consuming and tedious manual testing, test automation tools such as Selenium allow verification of all possible workflow scenarios in a repeatable manner. Testing the GPMS requires black-box testing of both the software's functional requirements and its policy-based security implementation. Our testing methodology uses a combination of Selenium IDE, Selenium WebDriver, and JUnit. Selenium IDE is a Firefox browser plugin that records user actions on the visible aspects of an application. Selenium WebDriver, on the other hand, is an object-oriented API that allows test cases to cover hidden web elements. The use of logic in each test case, along with the overall flow of information, allows for testing of a secure workflow application.
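An added illustration (not the authors' code and not the GPMS policy) of the access-control side of such testing: enumerate every combination of subject attributes, workflow state and action, and compare the application's decision with the policy's, deny cases included. All attribute values, states, actions and rules are hypothetical, and `faulty_app` is a constructed stand-in for the browser-driven application with one seeded defect.

```python
from itertools import product

# Hypothetical values: the abstract names only "position type" and "title".
POSITION_TYPES = ["Tenured Faculty", "Research Staff", "Administrator"]
TITLES = ["Professor", "Department Chair", "Dean"]
STATES = ["DRAFT", "SUBMITTED_TO_CHAIR", "APPROVED_BY_CHAIR"]
ACTIONS = ["edit", "submit", "approve"]

# Hypothetical ABAC rules: (action, workflow state, predicate over subject attributes).
RULES = [
    ("edit", "DRAFT", lambda s: s["position_type"] in ("Tenured Faculty", "Research Staff")),
    ("submit", "DRAFT", lambda s: s["position_type"] == "Tenured Faculty"),
    ("approve", "SUBMITTED_TO_CHAIR", lambda s: s["title"] == "Department Chair"),
    ("approve", "APPROVED_BY_CHAIR", lambda s: s["title"] == "Dean"),
]

def policy_decision(subject, action, state):
    """Test oracle: default deny, permit only when some rule matches."""
    return any(a == action and st == state and pred(subject)
               for a, st, pred in RULES)

def scenarios():
    """Every (subject, action, state) combination, so denies are tested too."""
    for p, t, st, a in product(POSITION_TYPES, TITLES, STATES, ACTIONS):
        yield {"position_type": p, "title": t}, a, st

def run_matrix(system_under_test):
    """Return the scenarios where the system disagrees with the policy."""
    failures = []
    for subject, action, state in scenarios():
        expected = policy_decision(subject, action, state)
        actual = system_under_test(subject, action, state)
        if expected != actual:
            failures.append((subject["position_type"], subject["title"],
                             action, state, expected, actual))
    return failures

def faulty_app(subject, action, state):
    """Constructed stand-in for the application; seeded defect: a Department
    Chair may approve regardless of workflow state."""
    if action == "approve" and subject["title"] == "Department Chair":
        return True
    return policy_decision(subject, action, state)

if __name__ == "__main__":
    for failure in run_matrix(faulty_app):
        print("MISMATCH", failure)
```

In a browser-driven suite, the callable passed to `run_matrix` would log in as the subject and attempt the action through the UI; that wiring is assumed here and not shown.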
Comments
Poster #W2