ACPC: A Framework for Testing the Access Control Policies
نویسندگان
چکیده
In today’s scenario any multiuser system need to implement access control for protecting its resources from unauthorized access or damage. With the help of separate policy specification language we can specify these access control policies. However, it is challenging to specify a correct access control policy and so, it is common for the security of a system to be compromised because of the incorrect specification of these policies. There are many ways in which a policy can be checked for correctness like, formal verification, analysis and testing. In this paper, a testing framework called ACPC (Access Control Policy Checker) has been introduced; we choose to illustrate the above technique using XACML language. We conduct extensive experiments using nine policy sets to evaluate the effectiveness of the above technique. The experimental result shows that ACPC can effectively generate requests to achieve high structural coverage of policies and outperforms random requests generation in terms of policy structural coverage and fault-detection capability. We have used nine mutation operators to make the mutant policy for mutation testing. We found the better result by classify these mutation operator in to three classes. We got up to 98% of mutant killed by one class of mutation operator, these results shows that, above framework generates better request sets and the classification gives better performance in terms of
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملToward Systematic Testing of Access Control Policies
To facilitate managing access control in a system, access control policies are increasingly written in specification languages such as XACML. A dedicated software component called a Policy Decision Point (PDP) interprets the specified policies, receives access requests, and returns responses to inform whether access should be permitted or denied. To increase confidence in the correctness of spe...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملEnforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کامل