Mutation Analysis for Security
This work addresses security concerns for organizations by improving tools to protect applications, though it appears incremental in applying existing mutation analysis techniques to a new domain.
The paper tackles the problem of evaluating the quality of penetration tests in security mechanisms, specifically access control, by applying mutation analysis, resulting in a proposed method to eliminate hidden mechanisms and allow policy evolution.
Security has become, nowadays, a major concern for the organizations as the majority of its applications are exposed to Internet, which increases the threats of security considerably. Thus, the solution is to improve tools and mechanisms to strengthen the protection of applications against attacks and ensure the different security objectives. Among solutions we will talking about, in this paper, there is Mutation Analysis which is a technique of test that evaluates the quality of software tests and their ability to detect errors, It also compares the criteria and test generation strategies. In this study we will use the Mutation Analysis as a mean to qualify the penetration tests, and then, apply this technique in the security mechanisms and exactly on the mechanisms of access control. At the end we will propose a method for the elimination of hidden mechanisms for access control that will allow the access control policy to evolve.