Systematic XACML request generation for testing purposes
Bertolino A;Lonetti F;Marchetti E
2010
Abstract
XACML is the standard specification language for access control decision systems. A common approach for validating XACML access control policies is to test a dedicated software component within the access control system, called a Policy Decision Point (PDP), with a set of XACML requests. In this paper, we propose a framework, called X-CREATE, for the systematic generation of a test suite of requests for access control systems. Unlike existing tools for policy testing that are based only on the policy specification, X-CREATE also exploits the XACML Context Schema for XACML request specification. It applies our previously proposed XPT methodology to this schema and produces a set of intermediate instances covering the compliant request structures. We also provide a methodology for parsing a policy under test and assigning its values to the generated intermediate instances. The aim of the proposed framework is twofold: testing of policy evaluation engines and testing of access control policies. The experimental results show that the fault detection effectiveness of X-CREATE is similar to or higher than that of existing approaches.

| File | Size | Format |
|---|---|---|
| prod_161259-doc_132577.pdf (authorized users only). Description: Systematic XACML request generation for testing purposes | 498.63 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


