Automated Testing of XACML-based Access Control Systems
نویسندگان
چکیده
The trustworthiness of sensitive data needs to be guaranteed and testing is a common activity among privacy protection solutions, even if quite expensive. Accesses to data and resources are ruled by the PDP (Policy Decision Point), which relies on the XACML (eXtensible Access Control Markup Language) standard language for specifying access rights. In this paper, we propose a testing strategy for automatically deriving test requests from a XACML policy and describe our pilot experience in test automation using this strategy. Considering a real two-level PDP implemented for health data security, we compare the
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملAutomated Verification of XACML Policies Using a SAT Solver
Web-based software systems are increasingly used for accessing and manipulating sensitive information. Managing access control policies in such systems can be challenging and error-prone, especially when multiple access policies are combined to form new policies, possibly introducing unintended consequences. In this paper, we present a framework for automated verification of access control poli...
متن کاملToward Systematic Testing of Access Control Policies
To facilitate managing access control in a system, access control policies are increasingly written in specification languages such as XACML. A dedicated software component called a Policy Decision Point (PDP) interprets the specified policies, receives access requests, and returns responses to inform whether access should be permitted or denied. To increase confidence in the correctness of spe...
متن کاملAutomated Reasoning about XACML 3.0 Delegation Using Answer Set Programming
XACML is an XML-based declarative access control language standardized by OASIS. Its latest version 3.0 has several new features including the concept of delegation for decentralized administration of access control. Though it is important to avoid unintended consequences of ill-designed policies, delegation makes formal analysis of XACML policies highly complicated. In this paper, we present a...
متن کاملAutomated Verification of Access Control Policies
Managing access control policies in modern computer systems can be challenging and error-prone, especially when multiple access policies are combined to form new policies, possibly introducing unintended consequences. In this paper we present a framework for automated verification of access control policies. We introduce a formal model for systematically specifying access to resources. We show ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012