Testing Access Control Policies Against Intended Access Rights
| Title | Testing Access Control Policies Against Intended Access Rights |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Bertolino, Antonia, Daoudagh, Said, Lonetti, Francesca, Marchetti, Eda |
| Conference Name | Proceedings of the 31st Annual ACM Symposium on Applied Computing |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-3739-7 |
| Keywords | access control rights, Human Behavior, pubcrawl, Resiliency, Scalability, Security Policies Analysis, Software Testing, XACML language |
| Abstract | Access Control Policies are used to specify who can access which resource under which conditions, and ensuring their correctness is vital to prevent security breaches. As access control policies can be complex and error-prone, we propose an original framework that supports the validation of the implemented policies (specified in the standard XACML notation) against the intended rights, which can be informally expressed, e.g. in tabular form. The framework relies on well-known software testing technology, such as mutation and combinatorial techniques. The paper presents the implemented environment and an application example. |
| URL | http://doi.acm.org/10.1145/2851613.2851829 |
| DOI | 10.1145/2851613.2851829 |
| Citation Key | bertolino_testing_2016 |