Validation of access control systems

Bertolino A; Lonetti F; Marchetti E
2014

Abstract

Access control is among the most important security mechanisms to put in place in order to secure applications, and XACML is the de facto standard for defining access control policies. Due to the complexity of the XACML language, it is important to perform efficient testing to identify potential security flaws and bugs. However, in practice, exhaustive testing is impossible due to budget constraints. Test case selection and prioritization are two well-known solutions to maximize the effectiveness of the test suite in terms of discovered faults, reducing as much as possible the effort required for test execution and results analysis. In this chapter, after providing a survey of validation approaches for XACML-based access control systems, we present a coverage-based selection strategy and a similarity-based test prioritization solution, both applied to XACML test cases. We then compare the effectiveness of the two approaches in terms of mutation score and number of test cases. Experimental results show that coverage-based selection outperforms similarity-based prioritization, hinting at future improvements of the proposed approaches.
2014
Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI
English
Maritta Heisel, Wouter Joosen, Javier Lopez, Fabio Martinelli
Engineering Secure Future Internet Services and Systems. Current Research
210
233
24
978-3-319-07451-1
http://link.springer.com/chapter/10.1007%2F978-3-319-07452-8_9
Springer
Berlin
GERMANY
Yes, but type not specified
Access control
XACML
Grant agreement: 256980 - Project type: EU_FP7.
1
5
02 Contribution in volume::02.01 Contribution in volume (Chapter or Essay)
268
reserved
Bertolino, A; Le Traon, Y; Lonetti, F; Marchetti, E; Mouelhi, T
info:eu-repo/semantics/bookPart
   Network of Excellence on Engineering Secure Future Internet Software Services and Systems
   NESSOS
   FP7
   256980
Files in this product:
File Size Format
prod_295713-doc_84955.pdf

not available

Description: Validation of access control systems
Type: Publisher's version (PDF)
Size 354.72 kB
Format Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/265643
Citations
  • Scopus 2