XACML is the standard specification language for access control decision systems. A common approach for validating XACML access control policies is to test a dedicated software component within the access control system, called a Policy Decision Point (PDP), with a set of XACML requests. In this document, we describe the architecture of a proposed framework, called X-CREATE, for the systematic generation of a test suite of requests for access control systems. Differently from existing tools for policy testing that are based only on the policy specification, X-CREATE also exploits the XACML Context Schema for XACML requests specification. The aim of the proposed framework is twofold: testing of policy evaluation engines and testing of access control policies.
Generazione automatica di casi di test per sistemi di controllo degli accessi espressi tramite XACML
Daoudagh S;Lonetti F;Marchetti E
2010
Abstract
XACML is the standard specification language for access control decision systems. A common approach for validating XACML access control policies is to test a dedicated software component within the access control system, called a Policy Decision Point (PDP), with a set of XACML requests. In this document, we describe the architecture of a proposed framework, called X-CREATE, for the systematic generation of a test suite of requests for access control systems. Differently from existing tools for policy testing that are based only on the policy specification, X-CREATE also exploits the XACML Context Schema for XACML requests specification. The aim of the proposed framework is twofold: testing of policy evaluation engines and testing of access control policies.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
