Access control is one of the most significant security techniques. It controls which users or processes have access to which resources in a system.
QaTestLab focuses on Access Control testing because assuring the accuracy of policy speciﬁcations is becoming a significant and yet challenging task, especially as access control policies become more difficult and are used to manage a large amount of sensitive data.
Detecting differences between policy speciﬁcations and their intended function is a key point because proper execution and enforcement of policies by applications is based on the premise that the policy speciﬁcations are correct.
In such a way, policy speciﬁcations must undergo strict veriﬁcation and validation through systematic testing to assure the policy speciﬁcations truly encapsulate the desires of the policy authors.
Software testing aims at efﬁciently identifying and fixing defects in software through dynamic implementation.
Defects in policy speciﬁcations may also be found by leveraging existing techniques for software testing and applying them to policy testing.
Mutation testing has historically been applied to general purpose programming languages in measuring the quality of a test suite.