Abstract
In this paper we show how DAC and MAC security policies can bespecified, implemented and validated through mutation testing using a genericapproach. This work is based on a generic security framework originallydesigned to support RBAC and OrBAC security policies and theirimplementation in Java applications