3 research outputs found
An automated model-based test oracle for access control systems
In the context of XACML-based access control systems, an intensive testing
activity is among the most adopted means to assure that sensible information or
resources are correctly accessed. Unfortunately, it requires a huge effort for
manual inspection of results: thus automated verdict derivation is a key aspect
for improving the cost-effectiveness of testing. To this purpose, we introduce
XACMET, a novel approach for automated model-based oracle definition. XACMET
defines a typed graph, called the XAC-Graph, that models the XACML policy
evaluation. The expected verdict of a specific request execution can thus be
automatically derived by executing the corresponding path in such graph. Our
validation of the XACMET prototype implementation confirms the effectiveness of
the proposed approach.Comment: 7 page
A Toolchain for Model-Based Design and Testing of Access Control Systems
In access control systems, aimed at regulating the accesses to protected data and resources, a critical component
is the Policy Decision Point (PDP), which grants or denies the access according to the defined policies.
Due to the complexity of the standard language, it is recommended to rely on model-driven approaches which
allow to overcome difficulties in the XACML policy definition. We provide in this paper a toolchain that
involves a model-driven approach to specify and generate XACML policies and also enables automated testing
of the PDP component. We use XACML-based testing strategies for generating appropriate test cases
which are able to validate the functional aspects, constraints, permissions and prohibitions of the PDP. An
experimental assessment of the toolchain and its use on a realistic case study are also presented