Istituto di Scienza e Tecnologie dell'Informazione     
Bertolino A., Lonetti F., Marchetti E. Systematic XACML request generation for testing purposes. Technical report, 2010.
XACML is the standard specification language for access control decision systems. A common approach for validating XACML access control policies is to test a dedicated software component within the access control system, called a Policy Decision Point (PDP), with a set of XACML requests. In this paper, we propose a framework, called X-CREATE, for the systematic generation of a test suite of requests for access control systems. Unlike existing tools for policy testing, which are based only on the policy specification, X-CREATE also exploits the XACML Context Schema that specifies XACML requests. It applies our previously proposed XPT methodology to this schema and produces a set of intermediate instances covering the compliant request structures. We also provide a methodology for parsing a policy under test and assigning its values to the generated intermediate instances. The aim of the proposed framework is twofold: testing of policy evaluation engines and testing of access control policies. The experimental results show that the fault detection effectiveness of X-CREATE is similar to or higher than that of existing approaches.
Subject:
XACML
Test suite generation
Policy testing
D.2.5 Testing and Debugging
D.3.2 Language Classifications



For further information, contact: Librarian http://puma.isti.cnr.it
