Mutation Analysis for Security

TL;DR

This paper explores the use of Mutation Analysis to evaluate and improve security mechanisms, particularly access control, by assessing test quality and eliminating hidden mechanisms for policy evolution.

Contribution

It introduces a novel application of Mutation Analysis to qualify penetration tests and enhance access control security mechanisms.

Findings

Mutation Analysis effectively evaluates security test quality.

The method identifies hidden access control mechanisms.

Proposed approach facilitates access control policy evolution.

Abstract

Security has become, nowadays, a major concern for the organizations as the majority of its applications are exposed to Internet, which increases the threats of security considerably. Thus, the solution is to improve tools and mechanisms to strengthen the protection of applications against attacks and ensure the different security objectives. Among solutions we will talking about, in this paper, there is Mutation Analysis which is a technique of test that evaluates the quality of software tests and their ability to detect errors, It also compares the criteria and test generation strategies. In this study we will use the Mutation Analysis as a mean to qualify the penetration tests, and then, apply this technique in the security mechanisms and exactly on the mechanisms of access control. At the end we will propose a method for the elimination of hidden mechanisms for access control that will allow the access control policy to evolve.