Istituto di Scienza e Tecnologie dell'Informazione     
Bertolino A., Lonetti F., Marchetti E. Systematic XACML request generation for testing purposes. In: EUROMICRO SEAA 2010 - 36th EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA) (Lille, France, 1-3 September 2010). Proceedings, pp. 3 - 11. IEEE, 2010.
A widely adopted security mechanism is the specification of access control policies by means of the XACML language. In this paper, we propose a framework, called X-CREATE, for the systematic generation of test inputs (XACML requests). Differently from existing tools, XCREATE exploits the XACML Context Schema. In particular, the tool applies a XML-based methodology (XPT) to systematically produce a set of intermediate instances, covering the XACML Context Schema. Moreover, for request generation, X-CREATE applies a procedure for parsing the policy under test and assigning values to the generated intermediate instances. The aim of the proposed framework is twofold: testing of policy evaluation engines and testing of access control policies. The experimental results show that the fault detection effectiveness of X-CREATE is similar or higher than that of existing approaches.
URL: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5598073
DOI: 10.1109/SEAA.2010.58
Subject XACML
Test suite generation
Policy testing
D.2.5 Testing and Debugging
B.6.2 Reliability and Testing

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional