Resource-Constrained Non-Operational Testing of Software
- International Symposium on Software Reliability Engineering, 1998
Cited by 10 (1 self)
In "classical" testing approaches, "learning" is said to occur if testers dynamically improve the efficiency of their testing as they progress through a testing phase. However, the pressures of modern business and software development practices seem to favor an approach to testing which is very akin to a "sampling without replacement" of a relatively limited number of pre-determined structures and functions conducted under significant schedule and resource constraints. The primary driver is often the desire to "cover" ONLY previously "untested" functions, operations or code constructs, and to meet milestones. We develop and evaluate a model that describes the fault detection and removal process in such an environment. Results indicate that in environments where "coverage"-based testing is promoted, but resources and decisions are constrained, very little dynamic "learning" takes place, and that it may be an artifact of program structure or of the test-case sequencing policy. 1. Intro...
Model-based Testing of Access Control Systems that Employ RBAC Policies
Cited by 2 (1 self)
Access control is the key security service used for information and system security. The access control mechanisms can be used to enforce various security policies, but the desired access control objectives can only be achieved if the underlying software implementation is correct. It therefore becomes essential to not only verify that the implementation conforms to the given policy but also to confirm the absence of any violations in it. We propose a model-based strategy for testing implementations of access control systems that employ the RBAC policy specification. Our approach is based on the construction of a structural and behavioral model of the corresponding RBAC specification. The model is then used to generate static and dynamic test suites for the corresponding implementation. The code coverage and mutation score were used as metrics to determine the efficacy of the proposed approach in a case study. The results of the case study show that the tests generated using the proposed approach not only provide good control flow coverage of the implementation but are also effective in detecting faults induced via mutation operators.

