4 research outputs found
An automated model-based test oracle for access control systems
In the context of XACML-based access control systems, an intensive testing
activity is among the most adopted means to assure that sensible information or
resources are correctly accessed. Unfortunately, it requires a huge effort for
manual inspection of results: thus automated verdict derivation is a key aspect
for improving the cost-effectiveness of testing. To this purpose, we introduce
XACMET, a novel approach for automated model-based oracle definition. XACMET
defines a typed graph, called the XAC-Graph, that models the XACML policy
evaluation. The expected verdict of a specific request execution can thus be
automatically derived by executing the corresponding path in such graph. Our
validation of the XACMET prototype implementation confirms the effectiveness of
the proposed approach.Comment: 7 page
Validasi Policy Statement pada Lemari Penyimpanan Bukti Digital (LPBD)
Bukti digital sangat rentan terhadap kerusakan. Oleh sebab itu dalam membuat lemari penyimpanan bukti digital (LPBD) diperlukan adanya access control. Access control sendiri memiliki beberapa model, salah satunya yaitu ABAC. ABAC merupakan salah satu model dari access control yang baru. Karena model ABAC ini mempunyai fungsi yang fleksibel, memungkinkan bersinggungan dengan banyak sekali atribut, hal ini akan menjadi sangat kompleks dan dapat menimbulkan munculnya incosistency dan incompleteness. Maka dari itu implementasi dari ABAC ini harus didukung oleh kebijakan policy yang tepat dan tervalidasi dengan baik agar keamanan dalam LPBD lebih terjamin. Salah satu model pengujian access control yaitu model checking. Model checking ini bersifat memeriksa elemen-elemen di dalam sistem sehingga jika terdapat error maka akan diketahui. Sedangkan tools untuk validasi policy statement terdapat beraneka ragam salah satunya ACPT (Acess Control Policy Testing). Di dalam ACPT terdapat berbagai metode untuk membuat dan menguji policy statement. Pengujian ini dilakukan menggunakan kombinasi algoritma permit overrides dan dilakukan sebanyak 30 kali pengujian. Penelitian ini telah berhasil menguji dan membuktikan bahwa policy statement tersebut tidak menemukan incosistency dan incompleteness. Dalam 30 kali pengujian, policy statement tersebut berjalan sesuai dengan rule yang ada
Access control for IoT environments: specification and analysis
2021 Spring.Includes bibliographical references.Smart homes have devices which are prone to attacks as seen in the 2016 Mirai botnet attacks. Authentication and access control form the first line of defense. Towards this end, we propose an attribute-based access control framework for smart homes that is inspired by the Next Generation Access Control (NGAC) model. Policies in a smart home can be complex. Towards this end, we demonstrate how the formal modeling language Alloy can be used for policy analysis. In this work we formally define an IoT environment, express an example security policy in the context of a smart home, and show the policy analysis using Alloy. This work introduces processes for identifying conflicting and redundant rules with respect to a given policy. This work also demonstrates a practical use case for the processes described. In other words, this work formalizes policy rule definition, home IoT environment definition, and rule analysis all in the context of NGAC and Alloy