PUMA
Istituto di Scienza e Tecnologie dell'Informazione     
Bertolino A., Daoudagh S., Lonetti F., Marchetti E. Testing access control policies against intended access rights. In: SAC 2016 - 31st Annual ACM Symposium on Applied Computing (Pisa, Italy, 4-8 April 2016). Proceedings, pp. 1641 - 1647. ACM, 2016.
 
 
Abstract (English)
Access Control Policies are used to specify who can access which resource under which conditions, and ensuring their correctness is vital to prevent security breaches. As access control policies can be complex and error-prone, we propose an original framework that supports the validation of the implemented policies (specified in the standard XACML notation) against the intended rights, which can be informally expressed, e.g. in tabular form. The framework relies on well-known software testing technology, such as mutation and combinatorial techniques. The paper presents the implemented environment and an application example.
URL: http://dl.acm.org/citation.cfm?doid=2851613.2851829
DOI: 10.1145/2851613.2851829
Subject: Access Control Rights; XACML Language; Software Testing
K.6.5 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS. Security and Protection
D.2.5 SOFTWARE ENGINEERING. Testing and Debugging



 


For further information, contact: Librarian http://puma.isti.cnr.it
