Istituto di Scienza e Tecnologie dell'Informazione     
Bertolino A., Daoudagh S., Lonetti F., Marchetti E. Modelling and testing of XACML policies. Technical report, 2012.
Access control policies specify which subjects can access which resources under which conditions. XACML is the de-facto standard language for access control decision systems. As the size and complexity of XACML policies grow, ensuring that they properly implement the intended regulations becomes a compelling and challenging task. Policy testing consists of submitting a set of XACML requests to the policy evaluation engine and checking whether its responses grant or deny the requested access as expected. To improve manual derivation of test requests, which may be tedious and error-prone, various approaches have been recently proposed, such as random or combinatorial. However such approaches do not provide a verdict oracle, and do not consider policy functions semantics. In this paper, we introduce XACMET, a novel model-based approach to systematic generation of XACML test requests, which 1) represents the given XACML policy as a typed graph; and 2) derives a set of test requests via fullpath coverage of this graph. We implemented the approach in a prototype tool and evaluated it on 14 real-world policies against a combinatorial approach. The preliminary results show that XACMET achieves a same or higher fault-detection effectiveness, in some cases even employing a smaller number of test requests.
Subject Access control policy
Policy Decision Point
Requests derivation
Verdicts coverage
D.2.5 Testing and Debugging
D.4.6 Security and Protection. Access controls

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional