Title
Automated Coverage-Based Testing of XACML Policies.
Abstract
While the standard language XACML is very expressive for specifying fine-grained access control policies, defects can get into XACML policies for various reasons, such as misunderstanding of access control requirements, omissions, and coding errors. These defects may result in unauthorized accesses, escalation of privileges, and denial of service. Therefore, quality assurance of XACML policies for real-world information systems has become an important issue. To address this issue, this paper presents a family of coverage criteria for XACML policies, such as rule coverage, rule pair coverage, decision coverage, and Modified Condition/Decision Coverage (MC/DC). To demonstrate the assurance levels of these coverage criteria, we have developed methods for automatically generating tests, i.e., access requests, to satisfy the coverage criteria using a constraint solver. We have evaluated these methods through mutation analysis of various policies with different levels of complexity. The experiment results have shown that the rule coverage is far from adequate for revealing the majority of defects in XACML policies, and that both MC/DC and decision coverage tests have outperformed the existing methods for testing XACML policies. In particular, MC/DC tests achieve a very high level of quality assurance of XACML policies.
Year
2018
DOI
10.1145/3205977.3205979
Venue
SACMAT '18: The 23rd ACM Symposium on Access Control Models and Technologies Indianapolis Indiana USA June, 2018
Keywords
XACML, access control, coverage criteria, test generation, mutation testing
Field
Information system, Denial-of-service attack, Computer security, Computer science, Coding errors, Constraint satisfaction problem, XACML, Decision coverage, Access control, Quality assurance
DocType
Conference
ISBN
978-1-4503-5666-4
Citations
2
PageRank
0.36
References
18
Authors
3
Name             Order  Citations  PageRank
Dianxiang Xu     1      790        73.83
Roshan Shrestha  2      7          1.91
Ning Shen        3      8          3.16