Specifying a security policy (SP) is a challenging task in the development of secure communication systems since it is the bedrock of any security strategy. Paradoxically, this specification is error prone and can lead to an inadequate SP regarding the security needs. Therefore, it seems necessary to define an environment allowing one to “trust” the implemented SP. A testing task aims verifying whether an implementation is conforming to its specification. Test is generally achieved by generating and executing test cases. Some automated testing tools can be used from which model checkers. In fact, given a system modeling and a test objective, the model checker can generate a counterexample from which test cases can be deduced. The main proposition of this chapter is then a formal environment for SP test cases generation based on a system modeling, a SP specification (test purpose), and the use of a model checker. Once generated, these test cases must be improved in order to quantify their effectiveness to detect SP flaws. This is made through the generation of mutants.