
     Research Journal of Applied Sciences, Engineering and Technology


Secure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines

S. Batool and S. Asghar
Institute of Information Technology, University of Arid and Agriculture Rawalpindi, Pakistan
Research Journal of Applied Sciences, Engineering and Technology  2014  18:3786-3790
http://dx.doi.org/10.19026/rjaset.7.734  |  © The Author(s) 2014
Received: October 26, 2013  |  Accepted: December 21, 2013  |  Published: May 10, 2014

Abstract

In this research we present a technique by which extended UML models can be converted to standard UML models, so that existing Model Based Testing (MBT) techniques can be applied directly to them. Existing MBT techniques cannot be applied directly to extended UML models because of the differences in modeling notation and the new model elements. Verification of these models is also very important. Realizing and testing non-functional requirements such as efficiency, portability and security at the model level strengthens the ability of the model to reduce the risk, cost and probability of system failure in a cost-effective way. Access control is the most widely used technique for implementing security in software systems. Existing approaches to security modeling focus on representing access control policies, such as authentication and role based access control, by introducing security-oriented model elements through extensions to the Unified Modeling Language (UML). Doing so, however, hinders the potential and application of MBT techniques to verify these models and test access control policies. In this research we introduce a technique, Secure State UML, to formally design security models with Secure UML and then transform them into UML state machine diagrams so that they can be tested and verified by existing MBT techniques. By applying the proposed technique to case studies, we found that MBT techniques can be applied to the resulting state machine diagrams and that the generated test paths have the potential to identify the risks associated with violations of security constraints.

Keywords:

Model based testing, object constraint language, role based access control, unified modeling language



Competing interests

The authors have no competing interests.

Open Access Policy

This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.


ISSN (Online):  2040-7467
ISSN (Print):   2040-7459
Copyright © 2024. MAXWELL Scientific Publication Corp., All rights reserved