A toolchain for model-based design and testing of access control systems

In access control systems, aimed at regulating the accesses to protected data and resources, a critical component is the Policy Decision Point (PDP), which grants or denies the access according to the defined policies. Due to the complexity of the standard languag-e, it is recommended to rely on model-driven approaches which allow to overcome difficulties in the XACML policy definition. We provide in this paper a toolchain that involves a model-driven approach to specify and generate XACML policies and also enables automated testing of the PDP component. We use XACML-based testing strategies for generating appropriate test cases which are able to validate the functional aspects, constraints, permissions and prohibitions of the PDP. An experimental assessment of the toolchain and its use on a realistic case study are also presented.