{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T11:17:15Z","timestamp":1725794235969},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319074511"},{"type":"electronic","value":"9783319074528"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-07452-8_11","type":"book-chapter","created":{"date-parts":[[2014,5,22]],"date-time":"2014-05-22T01:53:43Z","timestamp":1400723623000},"page":"266-286","source":"Crossref","is-referenced-by-count":7,"title":["A Toolchain for Designing and Testing Access Control Policies"],"prefix":"10.1007","author":[{"given":"Antonia","family":"Bertolino","sequence":"first","affiliation":[]},{"given":"Marianne","family":"Busch","sequence":"additional","affiliation":[]},{"given":"Said","family":"Daoudagh","sequence":"additional","affiliation":[]},{"given":"Francesca","family":"Lonetti","sequence":"additional","affiliation":[]},{"given":"Eda","family":"Marchetti","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"11_CR1","unstructured":"OASIS: eXtensible Access Control Markup Language (XACML) Version 2.0 (2005), http:\/\/docs.oasis-open.org\/xacml\/2.0\/access_control-xacml-2.0-core-spec-os.pdf"},{"key":"11_CR2","unstructured":"SDE: Service Development Environment (2014), http:\/\/www.nessos-project.eu\/sde"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Massacci, F., Zannone, N.: A model-driven approach for the specification and analysis of access control policies. In: Proc. of the OTM Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE, pp. 1087\u20131103 (2008)","DOI":"10.1007\/978-3-540-88873-4_11"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"Pretschner, A., Mouelhi, T., Le Traon, Y.: Model-based tests for access control policies. In: Proc. of ICST, pp. 338\u2013347 (2008)","DOI":"10.1109\/ICST.2008.44"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Bertolino, A., Busch, M., Daoudagh, S., Koch, N., Lonetti, F., Marchetti, E.: A Toolchain for Designing and Testing XACML Policies. In: Proceedings of ICST 2013, Poster (2013)","DOI":"10.1109\/ICST.2013.70"},{"key":"11_CR6","series-title":"LNBIP","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/978-3-642-24511-4_19","volume-title":"Perspectives in Business Informatics Research","author":"M. Busch","year":"2011","unstructured":"Busch, M., Knapp, A., Koch, N.: Modeling Secure Navigation in Web Information Systems. In: Grabis, J., Kirikova, M. (eds.) BIR 2011. LNBIP, vol.\u00a090, pp. 239\u2013253. Springer, Heidelberg (2011)"},{"key":"11_CR7","unstructured":"LMU. Web Engineering Group: UWE Website (2014), http:\/\/uwe.pst.ifi.lmu.de\/"},{"key":"11_CR8","series-title":"LNCS","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1007\/978-3-319-07452-8_5","volume-title":"Engineering Secure Future Internet Services","author":"M. Busch","year":"2014","unstructured":"Busch, M., Koch, N., Suppan, S.: Modeling Security Features of Web Applications. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds.) Engineering Secure Future Internet Services. LNCS, vol.\u00a08431, pp. 119\u2013139. Springer, Heidelberg (2014)"},{"key":"11_CR9","unstructured":"Busch, M., Koch, N.: NESSoS Deliverable D2.3 \u2013 Second Release of the SDE for Security-Related Tools (2012)"},{"key":"11_CR10","unstructured":"Sensoria Project: Software Engineering for Service-Oriented Overlay Computers (2011), http:\/\/www.sensoria-ist.eu\/"},{"key":"11_CR11","unstructured":"ASCENS: Autonomic Service Component Ensembles (2012), http:\/\/www.ascens-ist.eu\/"},{"key":"11_CR12","unstructured":"Eclipse Foundation: Eclipse Modeling Project (2014), http:\/\/eclipse.org\/modeling\/"},{"key":"11_CR13","unstructured":"No Magic Inc.: Magicdraw (2014), http:\/\/www.magicdraw.com\/"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Busch, M., Koch, N., Masi, M., Pugliese, R., Tiezzi, F.: Towards model-driven development of access control policies for web applications. In: Model-Driven Security Workshop in Conjunction with MoDELS 2012. ACM Digital Library (2012)","DOI":"10.1145\/2422498.2422502"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Bertolino, A., Lonetti, F., Marchetti, E.: Systematic XACML request generation for testing purposes. In: Proceedings of the 36th EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA), Lille, France, September 1-3, pp. 3\u201311 (2010)","DOI":"10.1109\/SEAA.2010.58"},{"key":"11_CR16","unstructured":"Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E.: The X-CREATE framework: a comparison of XACML policy testing strategies. In: Proceedings of 8th International Conference on Web Information Systems and Technologies (WEBIST), Porto, Portugal, April 18-21 (2012)"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E.: Automatic XACML Requests Generation for Policy Testing. In: Proceedings of IEEE Fifth International Conference on Software Testing, Verification and Validation (ICST), pp. 842\u2013849 (2012)","DOI":"10.1109\/ICST.2012.185"},{"key":"11_CR18","unstructured":"Sun Microsystems: Sun\u2019s XACML Implementation (2006), http:\/\/sunxacml.sourceforge.net\/"},{"key":"11_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"505","DOI":"10.1007\/978-3-642-02818-2_49","volume-title":"Web Engineering","author":"M. Busch","year":"2009","unstructured":"Busch, M., Koch, N.: MagicUWE \u2014 A CASE Tool Plugin for Modeling Web Applications. In: Gaedke, M., Grossniklaus, M., D\u00edaz, O. (eds.) ICWE 2009. LNCS, vol.\u00a05648, pp. 505\u2013508. Springer, Heidelberg (2009)"},{"key":"11_CR20","unstructured":"OMG.: XMI 2.1 (2005), http:\/\/www.omg.org\/spec\/XMI\/"},{"key":"11_CR21","unstructured":"Eclipse: XPand (2013), http:\/\/wiki.eclipse.org\/Xpand"},{"issue":"7","key":"11_CR22","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1109\/32.605761","volume":"23","author":"D.M. Cohen","year":"1997","unstructured":"Cohen, D.M., Dalal, S.R., Fredman, M.L., Patton, G.C.: The AETG system: An approach to testing based on combinatiorial design. IEEE Trans. on Soft. Eng.\u00a023(7), 437\u2013444 (1997)","journal-title":"IEEE Trans. on Soft. Eng."},{"issue":"4","key":"11_CR23","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1049\/iet-sen.2012.0101","volume":"7","author":"A. Bertolino","year":"2013","unstructured":"Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E., Schilders, L.: Automated testing of extensible access control markup language-based access control systems. IET Software\u00a07(4), 203\u2013212 (2013)","journal-title":"IET Software"},{"key":"11_CR24","unstructured":"SDE.: Tutorial (2012), http:\/\/sde.pst.ifi.lmu.de\/trac\/sde\/wiki\/Tutorial"},{"key":"11_CR25","unstructured":"OMG.: OCL 2.0 (2011), http:\/\/www.omg.org\/spec\/OCL\/2.0\/"},{"key":"11_CR26","unstructured":"Busch, M.: Secure Web Engineering supported by an Evaluation Framework. In: Modelsward 2014. Scitepress (2014)"},{"key":"11_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"426","DOI":"10.1007\/3-540-45800-X_33","volume-title":"\u00abUML\u00bb 2002 - The Unified Modeling Language. Model Engineering, Concepts, and Tools","author":"T. Lodderstedt","year":"2002","unstructured":"Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: J\u00e9z\u00e9quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol.\u00a02460, pp. 426\u2013441. Springer, Heidelberg (2002)"},{"key":"11_CR28","doi-asserted-by":"crossref","unstructured":"Slimani, N., Khambhammettu, H., Adi, K., Logrippo, L.: UACML: Unified Access Control Modeling Language. In: NTMS 2011, pp. 1\u20138 (2011)","DOI":"10.1109\/NTMS.2011.5721143"},{"key":"11_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/978-3-642-11747-3_16","volume-title":"Engineering Secure Software and Systems","author":"D. Basin","year":"2010","unstructured":"Basin, D., Clavel, M., Egea, M., Schl\u00e4pfer, M.: Automatic Generation of Smart, Security-Aware GUI Models. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol.\u00a05965, pp. 201\u2013217. Springer, Heidelberg (2010)"},{"key":"11_CR30","unstructured":"J\u00fcrjens, J.: Secure Systems Development with UML. Springer (2004), Tools: http:\/\/carisma.umlsec.de\/"},{"key":"11_CR31","doi-asserted-by":"crossref","unstructured":"Martin, E., Xie, T.: Automated Test Generation for Access Control Policies. In: Supplemental Proc. of 17th International Symposium on Software Reliability Engineering, ISSRE (2006)","DOI":"10.1109\/SESS.2007.5"},{"key":"11_CR32","doi-asserted-by":"crossref","unstructured":"Martin, E., Xie, T.: Automated test generation for access control policies via change-impact analysis. In: Proc. of Third International Workshop on Software Engineering for Secure Systems (SESS), pp. 5\u201312 (2007)","DOI":"10.1109\/SESS.2007.5"},{"key":"11_CR33","first-page":"196","volume-title":"Proc. of ICSE","author":"K. Fisler","year":"2005","unstructured":"Fisler, K., Krishnamurthi, S., Meyerovich, L., Tschantz, M.: Verification and change-impact analysis of access-control policies. In: Proc. of ICSE, pp. 196\u2013205. ACM, New York (2005)"},{"key":"11_CR34","doi-asserted-by":"crossref","unstructured":"Bertolino, A., Lonetti, F., Marchetti, E.: Systematic XACML Request Generation for Testing Purposes. In: Proc. of 36th EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA), pp. 3\u201311 (2010)","DOI":"10.1109\/SEAA.2010.58"},{"key":"11_CR35","doi-asserted-by":"crossref","unstructured":"Li, N., Hwang, J., Xie, T.: Multiple-implementation testing for XACML implementations. In: Proc. of TAV-WEB, pp. 27\u201333 (2008)","DOI":"10.1145\/1390832.1390837"},{"key":"11_CR36","doi-asserted-by":"crossref","unstructured":"Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E., Martinelli, F., Mori, P.: Testing of PolPA Authorization Systems. In: Proc. of AST, pp. 8\u201314 (2012)","DOI":"10.1109\/IWAST.2012.6228997"},{"key":"11_CR37","doi-asserted-by":"crossref","unstructured":"Traon, Y., Mouelhi, T., Baudry, B.: Testing security policies: going beyond functional testing. In: Proc. of ISSRE, pp. 93\u2013102 (2007)","DOI":"10.1109\/ISSRE.2007.27"},{"key":"11_CR38","doi-asserted-by":"crossref","unstructured":"Mallouli, W., Orset, J.M., Cavalli, A., Cuppens, N., Cuppens, F.: A formal approach for testing security rules. In: Proc. of SACMAT, pp. 127\u2013132 (2007)","DOI":"10.1145\/1266840.1266860"},{"key":"11_CR39","doi-asserted-by":"crossref","unstructured":"Li, K., Mounier, L., Groz, R.: Test generation from security policies specified in or-BAC. In: Proc. of COMPSAC, pp. 255\u2013260 (2007)","DOI":"10.1109\/COMPSAC.2007.210"},{"key":"11_CR40","unstructured":"Eclipse: Acceleo (2014), http:\/\/www.eclipse.org\/acceleo\/"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Future Internet Services and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-07452-8_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,4]],"date-time":"2022-04-04T00:08:33Z","timestamp":1649030913000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-07452-8_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319074511","9783319074528"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-07452-8_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}