7 research outputs found
Automatic XACML requests generation for policy testing
Access control policies are usually specified by the XACML language. However, policy definition could be an error-prone process, because of the many constraints and rules that have to be specified. In order to increase the confidence on defined XACML policies, an accurate testing activity could be a valid solution. The typical policy testing is performed by deriving specific test cases, i.e. XACML requests, that are executed by means of a PDP implementation, so to evidence possible security lacks or problems. Thus the fault detection effectiveness of derived test suite is a fundamental property. To evaluate the performance of the applied test strategy and consequently of the test suite, a commonly adopted methodology is using mutation testing. In this paper, we propose two different methodologies for deriving XACML requests, that are defined independently from the policy under test. The proposals exploit the values of the XACML policy for better customizing the generated requests and providing a more effective test suite. The proposed methodologies have been compared in terms of their fault detection effectiveness by the application of mutation testing on a set of real policies.
Fault-Based Testing of Combining Algorithms in XACML 3.0 Policies
With the increasing complexity of software, new access control methods have emerged to deal with attribute-based authorization. As a standard language for attribute-based access control policies, XACML offers a number of rule and policy combining algorithms to meet different needs of policy composition. Due to their variety and complexity, however, it is not uncommon to apply combining algorithms incorrectly, which can lead to unauthorized access or denial of service. To solve this problem, this paper presents a fault-based testing approach for determining incorrect combining algorithms in XACML 3.0 policies. It exploits an efficient constraint solver to generate queries to which a given policy produces different responses than its combining algorithm-based mutants. Such queries can determine whether or not the given combining algorithm is used correctly. Our empirical studies using sizable XACML policies have demonstrated that our approach is effective
Fault-Based Testing of Combining Algorithms in XACML3.0 Policies
With the increasing complexity of software, new access control methods have emerged to deal with attribute-based authorization. As a standard language for attribute-based access control policies, XACML offers a number of rule and policy combining algorithms to meet different needs of policy composition. Due to their variety and complexity, however, it is not uncommon to apply combining algorithms incorrectly, which can lead to unauthorized access or denial of service. To solve this problem, this paper presents a fault-based testing approach for determining incorrect combining algorithms in XACML 3.0 policies. It exploits an efficient constraint solver to generate queries to which a given policy produces different responses than its combining algorithm-based mutants. Such queries can determine whether or not the given combining algorithm is used correctly. Our empirical studies using sizable XACML policies have demonstrated that our approach is effective.
Policy Decomposition for Evaluation Performance Improvement of PDP
In conventional centralized authorization models, the evaluation performance of policy decision point (PDP) decreases obviously with the growing numbers of rules embodied in a policy. Aiming to improve the evaluation performance of PDP, a distributed policy evaluation engine called XDPEE is presented. In this engine, the unicity of PDP in the centralized authorization model is changed by increasing the number of PDPs. A policy should be decomposed into multiple subpolicies each with fewer rules by using a decomposition method, which can have the advantage of balancing the cost of subpolicies deployed to each PDP. Policy decomposition is the key problem of the evaluation performance improvement of PDPs. A greedy algorithm with O(nlgn) time complexity for policy decomposition is constructed. In experiments, the policy of the LMS, VMS, and ASMS in real applications is decomposed separately into multiple subpolicies based on the greedy algorithm. Policy decomposition guarantees that the cost of subpolicies deployed to each PDP is equal or approximately equal. Experimental results show that (1) the method of policy decomposition improves the evaluation performance of PDPs effectively and that (2) the evaluation time of PDPs reduces with the growing numbers of PDPs
Towards Automatic Repair of XACML Policies
In a complex information system, controlling the access to resources is challenging. As a new generation of access control techniques, Attribute-Based Access Control (ABAC) can provide more flexible and fine-grained access control than Role-Based-Access Control (RBAC). XACML (eXtensible Access Control Markup Language) is an industrial standard for specifying ABAC policies. XACML policies tend to be complex because of the great variety of attribute types for fine-grained access control. This means that XACML policies are prone to errors and difficult to debug. This paper presents a first attempt at automating the debugging process of XACML policies. Two techniques are used for this purpose: fault localization and mutation-based policy repair. Fault localization produces an ordered list of suspicious policy elements by correlating the test results and the test coverage information. Mutation-based policy repair searches for potential fixes by mutating suspicious policy elements with predefined mutation operators. Empirical studies show that the proposed approach is able to repair various faulty XACML policies with one or two seeded faults. Among the scoring methods for fault localization that are studied in the experiment, Naish2 and CBI-Inc are the most efficient
Plataforma ABAC para aplicações da IoT baseada na norma OASIS XACML
Master's degree in Computer and Telematics Engineering
IoT (Internet of Things) is an area which offers great opportunities and
although a lot of issues already have satisfactory solutions, security has
remained somewhat unaddressed and remains to be a big issue.
Among the security aspects, we emphasize access control. Access
Control is a way of enforcing security that involves evaluating requests
for accessing resources and denies access if it is unauthorised,
therefore providing security for vulnerable resources. Access Control is
a broad term that consists of several methodologies of which the most
significant are: IBAC (Identity Based Access Control), RBAC (Role
Based Access Control) and ABAC (Attribute Based Access Control). In
this work ABAC will be used as it offers the most flexibility compared to
IBAC and RBAC. Also, because of ABAC's adaptive nature, it offers
longevity and lower maintenance requirements. OASIS (Organization for
the Advancement of Structured Information Standards) developed the
XACML (eXtensible Access Control Markup Language) standard for
writing/defining requests and policies and the evaluation of the requests
over sets of policies for the purpose of enforcing access control over
resources. It is defined so the requests and policies are readable by
humans but also have a well defined structure allowing for precise
evaluation. The standard uses ABAC. This work aims to create a
security framework that utilizes ABAC and the XACML standard so that
it can be used by other systems and enforce access control over
resources that need to be protected by allowing access only to
authorised subjects. It will also allow for fine grained defining of rules
and requests for more precise evaluation and therefore a greater level
of security. The primary use-case scenarios are large IoT applications
such as Smart City applications including: smart traffic monitoring,
energy and utility consumption, personal healthcare monitoring, etc.
These applications deal with large quantities (Big Data) of confidential
and/or personal data. A number of NoSQL (Not Only SQL) solutions
exist for solving the problem of volume but security is still an issue. This
work will use two NoSQL databases. A key-value database (Redis) for
the storing of policies and a wide-column database (Cassandra) for
storing sensor data and additional attribute data during testing
Derivation and consistency checking of models in early software product line engineering
Dissertation for the degree of Doctor in Informatics Engineering
Software Product Line Engineering (SPLE) should offer the ability to express the derivation of product-specific assets, while checking for their consistency. The derivation of product-specific assets is possible using general-purpose programming languages in combination with techniques such as conditional compilation and code generation. On the other hand, consistency checking can be achieved through consistency rules in the form of architectural and design guidelines, programming conventions and well-formedness rules. Current approaches present four shortcomings: (1) focus on code derivation only, (2) ignore consistency problems between the variability model and other complementary specification models used in early SPLE, (3) force developers to learn new, difficult to master, languages to encode the derivation of assets, and (4) offer no tool support. This dissertation presents solutions that contribute to tackle these four shortcomings. These solutions are integrated in the approach Derivation and Consistency Checking of models in early SPLE (DCC4SPL) and its corresponding tool support. The two main components of our approach are the Variability Modelling Language for Requirements (VML4RE), a domain-specific language and derivation infrastructure, and the Variability Consistency Checker (VCC), a verification technique and tool. We validate DCC4SPL demonstrating that it is appropriate to find inconsistencies in early SPL model-based specifications and to specify the derivation of product-specific models.
European Project AMPLE, contract IST-33710; Fundação para a Ciência e Tecnologia - SFRH/BD/46194/2008