The X-create framework: A comparison of XACML policy testing strategies

WEBIST 2012 - Proceedings of the 8th International Conference on Web Information Systems and Technologies

Volumn , Issue , 2012, Pages 155-160

  Bertolino, Antonia ^a   Daoudagh, Said ^a   Lonetti, Francesca ^a   Marchetti, Eda ^a  

^a ISTI CNR   (Italy)

Author keywords

Policy testing; XACML; XACML requests derivation

Indexed keywords

FAULT DETECTION;

ACCESS CONTROL POLICIES; COMBINATORIAL STRATEGIES; ERROR-PRONE PROCESS; POLICY TESTING; SIMPLE++; TEST CASE; TESTING STRATEGIES; XACML; XACML POLICIES; XACML REQUEST DERIVATION;

ACCESS CONTROL;

EID: 84864887749     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (15)

1. Bertolino, A., Lonetti, F., Daoudagh, S., and Marchetti, E. (2012). Automatic XACML requests generation for policy testing. submitted to The Third International Workshop on Security Testing 2012.
2. Bertolino, A., Lonetti, F., and Marchetti, E. (2010). Systematic XACML Request Generation for Testing Purposes. In Proc. of 36th EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA), pages 3-11.
3. Cohen, D. M., Dalal, S. R., Fredman, M. L., and Patton, G. C. (1997). The AETG system: An approach to testing based on combinatiorial design. IEEE Trans. on Soft. Eng., 23(7):437-444.
4. DeMillo, R., Lipton, R., and Sayward, F. (1978). Hints on test data selection: Help for the practicing programmer. Computer, 11(4):34-41.
5. Fisler, K., Krishnamurthi, S., Meyerovich, L., and Tschantz, M. (2005). Verification and change-impact analysis of access-control policies. In Proc. of ICSE, pages 196-205.
6. Liu, A. X., Chen, F., Hwang, J., and Xie, T. (2011). Designing fast and scalable xacml policy evaluation engines. IEEE Transactions on Computers, 60(12):1802-1817.
7. Martin, E. and Xie, T. (2006). Automated test generation for access control policies. In Supplemental Proc. of ISSRE.
8. Martin, E. and Xie, T. (2007a). Automated test generation for access control policies via change-impact analysis. In Proc. of Third International Workshop on Software Engineering for Secure Systems (SESS), pages 5-12.
9. Martin, E. and Xie, T. (2007b). A fault model and mutation testing of access control policies. In Proc. of WWW, pages 667-676.
10. OASIS (1 Feb 2005). eXtensible Access Control Markup Language (XACML) Version 2.0. http://docs.oasis-open.org/xacml/2.0/accesscontrol-xacml-2.0-core- spec-os.pdf.
11. Ostrand, T. J. and Balcer, M. J. (1988). The category-partition method for specifying and generating functional tests. Commun. ACM, 31(6):676-686.
12. Pretschner, A., Mouelhi, T., and Le Traon, Y. (2008). Model-based tests for access control policies. In Proc. of ICST, pages 338-347.
13. Sun Microsystems (2006). Sun's XACML Implementation. http://sunxacml. sourceforge.net/.
14. TAS3 Project (2011). Trusted Architecture for Securely Shared Services. http://www.tas3.eu/.
15. Traon, Y., Mouelhi, T., and Baudry, B. (2007). Testing security policies: going beyond functional testing. In Proc. of ISSRE, pages 93-102.