Testing and Verification of Security Policy