Automatic XACML requests generation for policy testing

Abstract-Access control policies are usually specified by the XACML language. However, policy definition could be an error prone process, because of the many constraints and rules that have to be specified. In order to increase the confidence on defined XACML policies, an accurate testing activity could be a valid solution. The typical policy testing is performed by deriving specific test cases, i.e. XACML requests, that are executed by means of a PDP implementation, so to evidence possible security lacks or problems. Thus the fault detection effectiveness of derived test suite is a fundamental property. To evaluate the performance of the applied test strategy and consequently of the test suite, a commonly adopted methodology is using mutation testing. In this paper, we propose two different methodologies for deriving XACML requests, that are defined independently from the policy under test. The proposals exploit the values of the XACML policy for better customizing the generated requests and providing a more effective test suite. The proposed methodologies have been compared in terms of their fault detection effectiveness by the application of mutation testing on a set of real policies

Fault-Based Testing of Combining Algorithms in XACML 3.0 Policies

With the increasing complexity of software, new access control methods have emerged to deal with attribute-based authorization. As a standard language for attribute-based access control policies, XACML offers a number of rule and policy combining algorithms to meet different needs of policy composition. Due to their variety and complexity, however, it is not uncommon to apply combining algorithms incorrectly, which can lead to unauthorized access or denial of service. To solve this problem, this paper presents a fault-based testing approach for determining incorrect combining algorithms in XACML 3.0 policies. It exploits an efficient constraint solver to generate queries to which a given policy produces different responses than its combining algorithm-based mutants. Such queries can determine whether or not the given combining algorithm is used correctly. Our empirical studies using sizable XACML policies have demonstrated that our approach is effective

Fault-Based Testing of Combining Algorithms in XACML3.0 Policies

Abstract-With the increasing complexity of software, new access control methods have emerged to deal with attributebased authorization. As a standard language for attribute-based access control policies, XACML offers a number of rule and policy combining algorithms to meet different needs of policy composition. Due to their variety and complexity, however, it is not uncommon to apply combining algorithms incorrectly, which can lead to unauthorized access or denial of service. To solve this problem, this paper presents a fault-based testing approach for determining incorrect combining algorithms in XACML 3.0 policies. It exploits an efficient constraint solver to generate queries to which a given policy produces different responses than its combining algorithm-based mutants. Such queries can determine whether or not the given combining algorithm is used correctly. Our empirical studies using sizable XACML policies have demonstrated that our approach is effective

Policy Decomposition for Evaluation Performance Improvement of PDP

In conventional centralized authorization models, the evaluation performance of policy decision point (PDP) decreases obviously with the growing numbers of rules embodied in a policy. Aiming to improve the evaluation performance of PDP, a distributed policy evaluation engine called XDPEE is presented. In this engine, the unicity of PDP in the centralized authorization model is changed by increasing the number of PDPs. A policy should be decomposed into multiple subpolicies each with fewer rules by using a decomposition method, which can have the advantage of balancing the cost of subpolicies deployed to each PDP. Policy decomposition is the key problem of the evaluation performance improvement of PDPs. A greedy algorithm with O(nlgn) time complexity for policy decomposition is constructed. In experiments, the policy of the LMS, VMS, and ASMS in real applications is decomposed separately into multiple subpolicies based on the greedy algorithm. Policy decomposition guarantees that the cost of subpolicies deployed to each PDP is equal or approximately equal. Experimental results show that (1) the method of policy decomposition improves the evaluation performance of PDPs effectively and that (2) the evaluation time of PDPs reduces with the growing numbers of PDPs

Towards Automatic Repair of XACML Policies

In a complex information system, controlling the access to resources is challenging. As a new generation of access control techniques, Attribute-Based Access Control (ABAC) can provide more flexible and fine-grained access control than Role-Based-Access Control (RBAC). XACML (eXtensible Access Control Markup Language) is an industrial standard for specifying ABAC policies. XACML policies tend to be complex because of the great variety of attribute types for fine-grained access control. This means that XACML policies are prone to errors and difficult to debug. This paper presents a first attempt at automating the debugging process of XACML policies. Two techniques are used for this purpose: fault localization and mutation-based policy repair. Fault localization produces an ordered list of suspicious policy elements by correlating the test results and the test coverage information. Mutation-based policy repair searches for potential fixes by mutating suspicious policy elements with predefined mutation operators. Empirical studies show that the proposed approach is able to repair various faulty XACML policies with one or two seeded faults. Among the scoring methods for fault localization that are studied in the experiment, Naish2 and CBI-Inc are the most efficient

Plataforma ABAC para aplicações da IoT baseada na norma OASIS XACML

Mestrado em Engenharia de Computadores e TelemáticaA IoT (Internet of Things) é uma área que apresenta grande potencial mas embora muitos dos seus problemas já terem soluções satisfatórias, a segurança permanece um pouco esquecida, mantendo-se um como questão ainda por resolver. Um dos aspectos da segurança que ainda não foi endereçado é o controlo de acessos. O controlo de acesso é uma forma de reforçar a segurança que envolve avaliar os pedidos de acesso a recursos e negar o acesso caso este não seja autorizado, garantindo assim a segurança no acesso a recursos críticos ou vulneráveis. O controlo de Acesso é um termo lato, existindo diversos modelos ou paradigmas possíveis, dos quais os mais significativos são: IBAC (Identity Based Access Control), RBAC (Role Based Access Control) and ABAC (Attribute Based Access Control). Neste trabalho será usado o ABAC, já que oferece uma maior flexibilidade comparativamente a IBAC e RBAC. Além disso, devido à sua natureza adaptativa o ABAC tem maior longevidade e menor necessidade de manutenção. A OASIS (Organization for the Advancement of Structured Information Standards) desenvolveu a norma XACML (eXtensible Access Control Markup Language) para escrita/definição de políticas de acesso e pedidos de acesso, e de avaliação de pedidos sobre conjuntos de políticas com o propósito de reforçar o controlo de acesso sobre recursos. O XACML foi definido com a intenção de que os pedidos e as políticas fossem de fácil leitura para os humanos, garantindo, porém, uma estrutura bem definida que permita uma avaliação precisa. A norma XACML usa ABAC. Este trabalho tem o objetivo de criar uma plataforma de segurança que utilize os padrões ABAC e XACML que possa ser usado por outros sistemas, reforçando o controlo de acesso sobre recursos que careçam de proteção, e garantindo acesso apenas a sujeitos autorizadas. Vai também possibilitar a definição fina ou granular de regras e pedidos permitindo uma avaliação com maior precisão e um maior grau de segurança. Os casos de uso principais são grandes aplicações IoT, como aplicações Smart City, que inclui monitorização inteligente de tráfego, consumo de energia e outros recursos públicos, monitorização pessoal de saúde, etc. Estas aplicações lidam com grandes quantidades de informação (Big Data) que é confidencial e/ou pessoal. Existe um número significativo de soluções NoSQL (Not Only SQL) para resolver o problema do volume de dados, mas a segurança é ainda uma questão por resolver. Este trabalho vai usar duas bases de dados NoSQL: uma base de dados key-value (Redis) para armazenamento de políticas e uma base de dados wide-column (Cassandra) para armazenamento de informação de sensores e informação de atributos adicionais durante os testes.IoT (Internet of Things) is an area which offers great opportunities and although a lot of issues already have satisfactory solutions, security has remained somewhat unaddressed and remains to be a big issue. Among the security aspects, we emphasize access control. Access Control is a way of enforcing security that involves evaluating requests for accessing resources and denies access if it is unauthorised, therefore providing security for vulnerable resources. Access Control is a broad term that consists of several methodologies of which the most significant are: IBAC (Identity Based Access Control), RBAC (Role Based Access Control) and ABAC (Attribute Based Access Control). In this work ABAC will be used as it offers the most flexibility compared to IBAC and RBAC. Also, because of ABAC's adaptive nature, it offers longevity and lower maintenance requirements. OASIS (Organization for the Advancement of Structured Information Standards) developed the XACML (eXtensible Access Control Markup Language) standard for writing/defining requests and policies and the evaluation of the requests over sets of policies for the purpose of enforcing access control over resources. It is defined so the requests and policies are readable by humans but also have a well defined structure allowing for precise evaluation. The standard uses ABAC. This work aims to create a security framework that utilizes ABAC and the XACML standard so that it can be used by other systems and enforce access control over resources that need to be protected by allowing access only to authorised subjects. It will also allow for fine grained defining of rules and requests for more precise evaluation and therefore a greater level of security. The primary use-case scenarios are large IoT applications such as Smart City applications including: smart traffic monitoring, energy and utility consumption, personal healthcare monitoring, etc. These applications deal with large quantities (Big Data) of confidential and/or personal data. A number of NoSQL (Not Only SQL) solutions exist for solving the problem of volume but security is still an issue. This work will use two NoSQL databases. A key-value database (Redis) for the storing of policies and a wide-column database (Cassandra) for storing sensor data and additional attribute data during testing

Derivation and consistency checking of models in early software product line engineering

Dissertação para obtenção do Grau de Doutor em Engenharia InformáticaSoftware Product Line Engineering (SPLE) should offer the ability to express the derivation of product-specific assets, while checking for their consistency. The derivation of product-specific assets is possible using general-purpose programming languages in combination with techniques such as conditional compilation and code generation. On the other hand, consistency checking can be achieved through consistency rules in the form of architectural and design guidelines, programming conventions and well-formedness rules. Current approaches present four shortcomings: (1) focus on code derivation only, (2) ignore consistency problems between the variability model and other complementary specification models used in early SPLE, (3) force developers to learn new, difficult to master, languages to encode the derivation of assets, and (4) offer no tool support. This dissertation presents solutions that contribute to tackle these four shortcomings. These solutions are integrated in the approach Derivation and Consistency Checking of models in early SPLE (DCC4SPL) and its corresponding tool support. The two main components of our approach are the Variability Modelling Language for Requirements(VML4RE), a domain-specific language and derivation infrastructure, and the Variability Consistency Checker (VCC), a verification technique and tool. We validate DCC4SPL demonstrating that it is appropriate to find inconsistencies in early SPL model-based specifications and to specify the derivation of product-specific models.European Project AMPLE, contract IST-33710; Fundação para a Ciência e Tecnologia - SFRH/BD/46194/2008