4 research outputs found

    XPA: An Open Source IDE for XACML Policies

    This paper presents XPA (XACML Policy Analyzer), an open source IDE (Integrated Development Environment) for testing, debugging, and mutating XACML 3.0 policies. XACML is an OASIS standard for specifying attribute-based access control policies. XPA provides a variety of new techniques for generating test cases from policies, localizing bugs in faulty policies, and repairing faulty policy elements. XPA has been applied to numerous XACML policies from the literature and real-world applications. These policies have been used to quantitatively evaluate the effectiveness of various testing and debugging methods. For system developers and administrators, XPA is a practical IDE for developing dependable XACML policies. For access control researchers, XPA offers a versatile toolkit for studying and evaluating new testing, debugging, and verification techniques.

    Towards Automatic Repair of XACML Policies

    In a complex information system, controlling the access to resources is challenging. As a new generation of access control techniques, Attribute-Based Access Control (ABAC) can provide more flexible and fine-grained access control than Role-Based Access Control (RBAC). XACML (eXtensible Access Control Markup Language) is an industrial standard for specifying ABAC policies. XACML policies tend to be complex because of the great variety of attribute types for fine-grained access control. This means that XACML policies are prone to errors and difficult to debug. This paper presents a first attempt at automating the debugging process of XACML policies. Two techniques are used for this purpose: fault localization and mutation-based policy repair. Fault localization produces an ordered list of suspicious policy elements by correlating the test results and the test coverage information. Mutation-based policy repair searches for potential fixes by mutating suspicious policy elements with predefined mutation operators. Empirical studies show that the proposed approach is able to repair various faulty XACML policies with one or two seeded faults. Among the scoring methods for fault localization that are studied in the experiment, Naish2 and CBI-Inc are the most efficient.

    Automated Fault Localization of XACML Policies

    No full text
    Access control policies in distributed systems, particularly implemented in the XACML standard language, are increasingly complex. Faults may exist in complex policies for various reasons such as misunderstanding of the access control requirements, omissions, and coding errors. These faults, if not removed before deployment, may lead to unauthorized accesses or denial of service. Manual localization of these faults, however, can be a challenging task. Inspired by spectrum-based fault localization for software debugging, this paper presents an approach for automatically localizing the fault(s) in a given XACML policy by exploring test coverage information of the policy elements. We investigate two test coverage criteria (i.e., reachability and firing) of policy elements and 14 scoring methods for ranking policy elements to determine the fault location(s). To evaluate the fault localization methods, we have used real-world policy files with different levels of complexity and a large number of policy mutants with one or two seeded faults. The experiment results show that the firing-based Naish2 and CBI-Inc methods are effective in fault localization of XACML policies.