Istituto di Scienza e Tecnologie dell'Informazione     
Bertolino A., Daoudagh S., Lonetti F., Marchetti E. An automated testing framework of model-driven tools for XACML policy specification. In: QUATIC 2014 - 9th International Conference on the Quality of Information and Communications Technology (Guimar„es, Portugal, 23-26 September 2014). Proceedings, pp. 75 - 84. IEEE, 2014.
Access Control is among the most important security mechanisms to put in place in order to secure applications. XACML is the de facto standard for storing and deploying access control policies. However, due to the complexity of the XACML language, policy definition becomes a difficult and error prone process. In recent years, the combined use of models for the access control policy specification, and the model-to-code facilities, for the automatic transformation of the model into the XACML language, has been proposed as a possible solution. These model-driven methodologies and facilities need to be thoroughly validated and verified. In this paper we provide an integrated framework for testing the automatic translation of the specification of an access control model into an XACML policy. The framework includes different test strategies for the derivation of test cases and some facilities for making easier their execution against the XACML policy and the test results collection and analysis. In addition, we illustrate the use of the framework on a case study.
URL: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6984095
DOI: 10.1109/QUATIC.2014.17
Subject Access control
Model-driven development
D.4.6 Security and Protection. Access controls
D.2.5 Testing and Debugging

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional