An automated model-based test oracle for access control systems

In the context of XACML-based access control systems, an intensive testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. Unfortunately, it requires a huge effort for manual inspection of results: thus automated verdict derivation is a key aspect for improving the cost-effectiveness of testing. To this purpose, we introduce XACMET, a novel approach for automated model-based oracle definition. XACMET defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation. The expected verdict of a specific request execution can thus be automatically derived by executing the corresponding path in such graph. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.Comment: 7 page

Faster Mutation Analysis via Equivalence Modulo States

Mutation analysis has many applications, such as asserting the quality of test suites and localizing faults. One important bottleneck of mutation analysis is scalability. The latest work explores the possibility of reducing the redundant execution via split-stream execution. However, split-stream execution is only able to remove redundant execution before the first mutated statement. In this paper we try to also reduce some of the redundant execution after the execution of the first mutated statement. We observe that, although many mutated statements are not equivalent, the execution result of those mutated statements may still be equivalent to the result of the original statement. In other words, the statements are equivalent modulo the current state. In this paper we propose a fast mutation analysis approach, AccMut. AccMut automatically detects the equivalence modulo states among a statement and its mutations, then groups the statements into equivalence classes modulo states, and uses only one process to represent each class. In this way, we can significantly reduce the number of split processes. Our experiments show that our approach can further accelerate mutation analysis on top of split-stream execution with a speedup of 2.56x on average.Comment: Submitted to conferenc

XPA: An Open Source IDE for XACML Policies

This paper presents XPA (XACML Policy Analyzer), an open source IDE (Integrated Development Environment) for testing, debugging, and mutating XACML 3.0 policies. XACML is an OASIS standard for specifying attributebased access control policies. XPA provides a variety of new techniques for generating test cases from policies, localizing bugs in faulty policies, and repairing faulty policy elements. XPA has been applied to numerous XACML policies from the literature and real-world applications. These policies have been used to quantitatively evaluate the effectiveness of various testing and debugging methods. For system developers and administrators, XPA is a practical IDE for developing dependable XACML policies. For access control researchers, XPA offers a versatile toolkit for studying and evaluating new testing, debugging, and verification techniques

Fault-Based Testing of Combining Algorithms in XACML 3.0 Policies

With the increasing complexity of software, new access control methods have emerged to deal with attribute-based authorization. As a standard language for attribute-based access control policies, XACML offers a number of rule and policy combining algorithms to meet different needs of policy composition. Due to their variety and complexity, however, it is not uncommon to apply combining algorithms incorrectly, which can lead to unauthorized access or denial of service. To solve this problem, this paper presents a fault-based testing approach for determining incorrect combining algorithms in XACML 3.0 policies. It exploits an efficient constraint solver to generate queries to which a given policy produces different responses than its combining algorithm-based mutants. Such queries can determine whether or not the given combining algorithm is used correctly. Our empirical studies using sizable XACML policies have demonstrated that our approach is effective

Performance Rubrics for Robustness Evaluation of Web Mutation Operators

Web Applications are the predominant medium for not only business enterprises but also for service-based sector to establish and continue their online presence. However, the robustness of web application is mandatory in seamless interaction with customers for achieving sustainable business. Intruders and unethical hackers keep trying to gain unauthentic access to the web applications and hence it is more necessary for the web application to be resistant against any such attacks. The strength of a web application is indirectly responsible for gaining customer confidence leading to repeat business as well as attracting new customers for profitable longer run. Once the web application gains credibility it is bound to run successfully. In the current work, an attempt has been made to assess the robustness of mutation operators used to test web applications is made. A few rubrics have been proposed to ascertain the strength of projected mutation operators verified on some sample open-source web applications. The functional attributes of a web application are the functionalities offered by the web application. The non-functional attributes of a typical web application are security, performance, availability. Here, web applications are challenged against the afore mentioned non-functional attributes using rubrics like uniformity, uniqueness, reliability, unpredictability, and entropy. A comprehensive analysis has been made for the robustness of the projected web operators against the designed and formulated rubrics

A Generic Metamodel For Security Policies Mutation

International audienceWe present a new approach for mutation analysis of Security Policies test cases. We propose a metamodel that provides a generic representation of security policies access control models and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiation of this metamodel: we defined policies with RBAC and OrBAC and mutated these policies

Analysis of Security Vulnerabilities in Web Applications using Threat Modeling

Software security issues have been a major concern to the cyberspace community; therefore, a great deal of research on security testing has been performed, and various security testing techniques have been developed. A security process that is integrated into the application development cycle is required for creating a secure system. A part of this process is to create a threat profile for an application. The present project explains this process as a case study for analyzing a web application using Threat Modeling. This analysis can be used in the security testing approach that derives test cases from design level artifacts

Fault-Based Testing of Combining Algorithms in XACML3.0 Policies

Abstract-With the increasing complexity of software, new access control methods have emerged to deal with attributebased authorization. As a standard language for attribute-based access control policies, XACML offers a number of rule and policy combining algorithms to meet different needs of policy composition. Due to their variety and complexity, however, it is not uncommon to apply combining algorithms incorrectly, which can lead to unauthorized access or denial of service. To solve this problem, this paper presents a fault-based testing approach for determining incorrect combining algorithms in XACML 3.0 policies. It exploits an efficient constraint solver to generate queries to which a given policy produces different responses than its combining algorithm-based mutants. Such queries can determine whether or not the given combining algorithm is used correctly. Our empirical studies using sizable XACML policies have demonstrated that our approach is effective

Automatic XACML requests generation for policy testing

Abstract-Access control policies are usually specified by the XACML language. However, policy definition could be an error prone process, because of the many constraints and rules that have to be specified. In order to increase the confidence on defined XACML policies, an accurate testing activity could be a valid solution. The typical policy testing is performed by deriving specific test cases, i.e. XACML requests, that are executed by means of a PDP implementation, so to evidence possible security lacks or problems. Thus the fault detection effectiveness of derived test suite is a fundamental property. To evaluate the performance of the applied test strategy and consequently of the test suite, a commonly adopted methodology is using mutation testing. In this paper, we propose two different methodologies for deriving XACML requests, that are defined independently from the policy under test. The proposals exploit the values of the XACML policy for better customizing the generated requests and providing a more effective test suite. The proposed methodologies have been compared in terms of their fault detection effectiveness by the application of mutation testing on a set of real policies

Enabling verification and conformance testing for access control model

Verification and testing are the important step for software assurance. However, such crucial and yet challenging tasks have not been widely adopted in building access control sys-tems. In this paper we propose a methodology to sup-port automatic analysis and conformance testing for ac-cess control systems, integrating those features to Assur-ance Management Framework (AMF). Our methodology at-tempts to verify formal specifications of a role-based access control model and corresponding policies with selected se-curity properties. Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases. In addition, we demonstrate feasibility and effectiveness of our methodology using SAT and Alloy toolset