Modelling and testing of XACML policies

Bertolino A; Daoudagh S; Lonetti F; Marchetti E
2012

Abstract

Access control policies specify which subjects can access which resources under which conditions. XACML is the de facto standard language for access control decision systems. As the size and complexity of XACML policies grow, ensuring that they properly implement the intended regulations becomes a compelling and challenging task. Policy testing consists of submitting a set of XACML requests to the policy evaluation engine and checking whether its responses grant or deny the requested access as expected. To improve manual derivation of test requests, which may be tedious and error-prone, various approaches have been recently proposed, such as random or combinatorial. However, such approaches do not provide a verdict oracle, and do not consider the semantics of policy functions. In this paper, we introduce XACMET, a novel model-based approach to systematic generation of XACML test requests, which 1) represents the given XACML policy as a typed graph; and 2) derives a set of test requests via full-path coverage of this graph. We implemented the approach in a prototype tool and evaluated it on 14 real-world policies against a combinatorial approach. The preliminary results show that XACMET achieves the same or higher fault-detection effectiveness, in some cases even employing a smaller number of test requests.
Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI
Access control policy
Policy Decision Point
Requests derivation
Verdicts coverage
XACML

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/172029