Publication Date

12-2018

Date of Final Oral Examination (Defense)

10-24-2018

Type of Culminating Activity

Thesis

Degree Title

Master of Science in Computer Science

Department

Computer Science

Supervisory Committee Chair

Dianxiang Xu, Ph.D.

Supervisory Committee Member

Edoardo Serra, Ph.D.

Supervisory Committee Member

Yantian Hou, Ph.D.

Abstract

There exist various testing methods for XACML policies which vary in their overall fault detection ability and none of them can detect all the (killable) injected faults except for the simple policies. Further, it is unclear that what is essential for the fault detection of XACML policies. To address these issues, we formalized the fault detection conditions in the well-studied fault model of XACML policies so that it becomes clear what is essential for the fault detection. We formalized fault detection conditions in the form of reachability, necessity and propagation constraint. We, then, exploit these constraints to generate a mutation-based test suite with the goal to achieve perfect mutation score. Additionally, we have empirically evaluated the cost-effectiveness of various coverage-based testing methods against the near-optimal test suite from strong mutation-based test generation (SMT). Rule coverage has good cost-effectiveness such that it achieved better MKPT scores than SMT in many of the policies; however, it has poor fault detection capability. Decision coverage is nearly as cost-effective as SMT in most of the policies and it achieves better mutation score than rule coverage but could not achieve good mutation score in many of the policies. MC/DC have slightly less MKPT scores than SMT; nonetheless, among coverage-based testing methods, MC/DC tests have the highest mutation score and hence could reveal most of the faults. MC/DC even achieved a perfect mutation score for some policies; however, it still could not maintain good mutation score in all the policies.

DOI

10.18122/td/1502/boisestate

Download

Share

COinS