Access control policies specify which users may perform which actions on which resources within which environments. Defective policies may have serious impacts, allowing unintended access (e.g., bank account withdrawals by a stranger) or preventing critical legitimate access (e.g., a doctor cannot view her patient's x-ray). As computer systems become more complex, policy defects have become more common. However, existing testing methods for detecting faults in access control policies have not been very successful and there is no explanation for why they are unable to detect a majority of faults. This project is investigating the inherent strengths, limitations, and cost-effectiveness of existing testing methods for access control policies. The results of this project will provide essential guidelines for planning testing efforts and selecting appropriate testing methods.
The project focuses on access control policies expressed in the XACML language. The project is formalizing fault detection conditions that test cases must satisfy in order to detect specific types of access control faults. These conditions consist of reachability constraints, necessity constraints, and propagation constraints for various faults in XACML policies. They are used to determine the fault detection ability of a given testing method by evaluating whether its test cases satisfy the fault detection conditions. Based on the collective fault detection conditions of fault groups, the project is developing a method for generating optimal test suites using an efficient constraint solver. The optimal test suites are used to quantitatively measure the cost-effectiveness of other testing methods in terms of the ratio between the number of faults detected (i.e., effectiveness) and the size of the test suite generated (i.e., cost). Thus, the project is a study of benchmarking testing methods for access control policies.
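The following is an added illustration of the three fault detection conditions on a toy XACML-like policy; it is not the project's tool, data or policy set. It assumes a small hospital policy with four rules under the first-applicable combining algorithm, two constructed mutation operators (flipping a rule's effect, and dropping one attribute from a rule's target), a request space of roles, actions and resources, and a greedy set cover standing in for the project's constraint solver. It reports reachability, necessity and propagation per request and mutant, shows a mutant that satisfies necessity but not propagation, a dead rule whose mutants are never reached (equivalent mutants), and compares a minimal suite against a naive one by faults detected per test.

```python
"""Toy model of fault detection conditions for XACML-style policies (added example).
The hospital policy, mutation operators and request space are constructed here."""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Rule:
    name: str
    target: tuple        # ((attribute, value), ...); an empty target matches everything
    effect: str          # "Permit" or "Deny"

    def matches(self, request):
        return all(request.get(k) == v for k, v in self.target)


@dataclass(frozen=True)
class Policy:
    rules: tuple         # evaluated with the first-applicable combining algorithm

    def evaluate(self, request, trace=None):
        for rule in self.rules:
            if trace is not None:
                trace.append(rule.name)          # this rule was reached
            if rule.matches(request):
                return rule.effect
        return "NotApplicable"


def flip_effect(policy, idx):
    """Mutation operator: invert the effect of rule idx (a 'rule effect' fault)."""
    rules = list(policy.rules)
    r = rules[idx]
    rules[idx] = Rule(r.name, r.target, "Deny" if r.effect == "Permit" else "Permit")
    return Policy(tuple(rules))


def drop_target_attribute(policy, idx, attr):
    """Mutation operator: remove one attribute from rule idx's target (over-broad rule)."""
    rules = list(policy.rules)
    r = rules[idx]
    rules[idx] = Rule(r.name, tuple(kv for kv in r.target if kv[0] != attr), r.effect)
    return Policy(tuple(rules))


def detection_conditions(policy, mutant, idx, request):
    """Return (reachability, necessity, propagation) of one request for one mutant:
    reachability: evaluation reaches the mutated rule;
    necessity:    the mutated rule itself yields a different result there;
    propagation:  the final policy decision changes (the mutant is 'killed')."""
    def rule_result(rule):
        return rule.effect if rule.matches(request) else "NotApplicable"
    trace = []
    original_decision = policy.evaluate(request, trace)
    reached = policy.rules[idx].name in trace
    necessity = reached and rule_result(policy.rules[idx]) != rule_result(mutant.rules[idx])
    propagation = original_decision != mutant.evaluate(request)
    return reached, necessity, propagation


def all_mutants(policy):
    """One effect flip per rule plus one target-attribute drop per attribute."""
    mutants = {}
    for i, r in enumerate(policy.rules):
        mutants[f"flip:{r.name}"] = (i, flip_effect(policy, i))
        for attr, _ in r.target:
            mutants[f"drop:{r.name}:{attr}"] = (i, drop_target_attribute(policy, i, attr))
    return mutants


def kill_matrix(policy, mutants, requests):
    """mutant name -> set of request indices for which propagation holds."""
    return {name: frozenset(j for j, q in enumerate(requests)
                            if detection_conditions(policy, m, idx, q)[2])
            for name, (idx, m) in mutants.items()}


def greedy_min_suite(kills, n_requests):
    """Greedy set cover over the kill matrix (a stand-in for an exact constraint solver).
    Mutants with an empty kill set are equivalent to the original and are skipped."""
    alive = {n for n, s in kills.items() if s}
    suite = []
    while alive:
        best = max(range(n_requests), key=lambda j: sum(j in kills[n] for n in alive))
        suite.append(best)
        alive -= {n for n in alive if best in kills[n]}
    return suite


def score(kills, suite):
    """(mutants killed, non-equivalent mutants, faults detected per test case)."""
    killable = [n for n, s in kills.items() if s]
    killed = [n for n in killable if any(j in kills[n] for j in suite)]
    return len(killed), len(killable), len(killed) / len(suite)


# Constructed hospital policy: R4 is dead because R3 already catches every x-ray request.
HOSPITAL = Policy((
    Rule("R1", (("role", "doctor"), ("action", "read"), ("resource", "xray")), "Permit"),
    Rule("R2", (("role", "nurse"), ("action", "read"), ("resource", "xray")), "Permit"),
    Rule("R3", (("resource", "xray"),), "Deny"),
    Rule("R4", (("role", "patient"), ("resource", "xray")), "Permit"),
))
REQUESTS = [dict(role=r, action=a, resource=s) for r, a, s in
            product(["doctor", "nurse", "patient"], ["read", "write"], ["xray", "bill"])]
MUTANTS = all_mutants(HOSPITAL)
KILLS = kill_matrix(HOSPITAL, MUTANTS, REQUESTS)
OPTIMAL = greedy_min_suite(KILLS, len(REQUESTS))
NAIVE = [0, 2, 1]      # one request per decision: Permit, Deny, NotApplicable

if __name__ == "__main__":
    for name, (idx, m) in MUTANTS.items():
        print(name, sorted(KILLS[name]) or "equivalent (never killed)")
    print("minimal suite:", [REQUESTS[j] for j in OPTIMAL], score(KILLS, OPTIMAL))
    print("naive suite:  ", [REQUESTS[j] for j in NAIVE], score(KILLS, NAIVE))
```

The interesting rows are `drop:R1:role` against a nurse reading an x-ray (reachability and necessity hold, but R2 would have permitted anyway, so the fault does not propagate) and the two R4 mutants, which no request can reach and which therefore count as equivalent rather than as detection failures. Because the greedy cover is only a heuristic, the project's solver-based suite can be smaller; on this policy the greedy answer is already tight, since eight mutants each need a distinct request.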