CNR Institutional Research Information System

Access Control Policies are used to specify who can access which resource under which conditions, and ensuring their correctness is vital to prevent security breaches. As access control policies can be complex and error-prone, we propose an original framework that supports the validation of the implemented policies (specified in the standard XACML notation) against the intended rights, which can be informally expressed, e.g. in tabular form. The framework relies on well-known software testing technology, such as mutation and combinatorial techniques. The paper presents the implemented environment and an application example.

Testing access control policies against intended access rights

Bertolino A;Daoudagh S;Lonetti F;Marchetti E
2016

Abstract

Access Control Policies are used to specify who can access which resource under which conditions, and ensuring their correctness is vital to prevent security breaches. As access control policies can be complex and error-prone, we propose an original framework that supports the validation of the implemented policies (specified in the standard XACML notation) against the intended rights, which can be informally expressed, e.g. in tabular form. The framework relies on well-known software testing technology, such as mutation and combinatorial techniques. The paper presents the implemented environment and an application example.
2016
Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI
978-1-4503-3739-7
Software testing
Access control rights
XACML Language
04.01 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
prod_364897-doc_166266.pdf

accesso aperto

Descrizione: Testing access control policies against intended access rights
Tipologia: Documento in Post-print
Licenza: Nessuna licenza dichiarata (non attribuibile a prodotti successivi al 2023)
Dimensione 464.4 kB
Formato Adobe PDF
Visualizza/Apri
464.4 kB Adobe PDF Visualizza/Apri
prod_364897-doc_120323.pdf

solo utenti autorizzati

Descrizione: Testing access control policies against intended access rights
Tipologia: Versione Editoriale (PDF)
Licenza: NON PUBBLICO - Accesso privato/ristretto
Dimensione 907.33 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
907.33 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/354244
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 6
  • ???jsp.display-item.citation.isi??? ND
social impact