An automated model-based test oracle for access control systems

In the context of XACML-based access control systems, an intensive testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. Unfortunately, it requires a huge effort for manual inspection of results: thus automated verdict derivation is a key aspect for improving the cost-effectiveness of testing. To this purpose, we introduce XACMET, a novel approach for automated model-based oracle definition. XACMET defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation. The expected verdict of a specific request execution can thus be automatically derived by executing the corresponding path in such graph. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.Comment: 7 page

Validasi Policy Statement pada Lemari Penyimpanan Bukti Digital (LPBD)

Bukti digital sangat rentan terhadap kerusakan. Oleh sebab itu dalam membuat lemari penyimpanan bukti digital (LPBD) diperlukan adanya access control. Access control sendiri memiliki beberapa model, salah satunya yaitu ABAC. ABAC merupakan salah satu model dari access control yang baru. Karena model ABAC ini mempunyai fungsi yang fleksibel, memungkinkan bersinggungan dengan banyak sekali atribut, hal ini akan menjadi sangat kompleks dan dapat menimbulkan munculnya incosistency dan incompleteness. Maka dari itu implementasi dari ABAC ini harus didukung oleh kebijakan policy yang tepat dan tervalidasi dengan baik agar keamanan dalam LPBD lebih terjamin. Salah satu model pengujian access control yaitu model checking. Model checking ini bersifat memeriksa elemen-elemen di dalam sistem sehingga jika terdapat error maka akan diketahui. Sedangkan tools untuk validasi policy statement terdapat beraneka ragam salah satunya ACPT (Acess Control Policy Testing). Di dalam ACPT terdapat berbagai metode untuk membuat dan menguji policy statement. Pengujian ini dilakukan menggunakan kombinasi algoritma permit overrides dan dilakukan sebanyak 30 kali pengujian. Penelitian ini telah berhasil menguji dan membuktikan bahwa policy statement tersebut tidak menemukan incosistency dan incompleteness. Dalam 30 kali pengujian, policy statement tersebut berjalan sesuai dengan rule yang ada

Access control for IoT environments: specification and analysis

2021 Spring.Includes bibliographical references.Smart homes have devices which are prone to attacks as seen in the 2016 Mirai botnet attacks. Authentication and access control form the first line of defense. Towards this end, we propose an attribute-based access control framework for smart homes that is inspired by the Next Generation Access Control (NGAC) model. Policies in a smart home can be complex. Towards this end, we demonstrate how the formal modeling language Alloy can be used for policy analysis. In this work we formally define an IoT environment, express an example security policy in the context of a smart home, and show the policy analysis using Alloy. This work introduces processes for identifying conflicting and redundant rules with respect to a given policy. This work also demonstrates a practical use case for the processes described. In other words, this work formalizes policy rule definition, home IoT environment definition, and rule analysis all in the context of NGAC and Alloy