The X-CREATE Framework - A Comparison of XACML Policy Testing Strategies
Authors
Abstract
The specification of access control policies with the XACML language can be an error-prone process, so testing is usually the solution for increasing confidence in the policy itself. In this paper, we compare two methodologies, both implemented in the X-CREATE tool, for deriving test cases for policy testing, i.e. XACML requests. We consider a simple combinatorial strategy and an XML-based approach (XPT) that exploits policy values and the XACML Context Schema. A stopping criterion for test case generation is also provided and used to compare the strategies in terms of fault detection effectiveness.
Similar resources
Toward Systematic Testing of Access Control Policies
To facilitate managing access control in a system, access control policies are increasingly written in specification languages such as XACML. A dedicated software component called a Policy Decision Point (PDP) interprets the specified policies, receives access requests, and returns responses to inform whether access should be permitted or denied. To increase confidence in the correctness of spe...
Designing the Integrated Framework of Strategic Planning and Policy Making in Upstream Oil and Gas Drilling Sector
The aim of this study is to design an integrated framework of strategic planning and policy making in the upstream oil and gas drilling sector. In this regard, a variety of robust strategies were designed using the SWOT matrix, and in order to weight and prioritize decision options, all effective factors and parameters were extracted and explained using the Delphi technique and pairwise comp...
Designing Fast and Scalable Policy Evaluation Engines
Most prior research on policies has focused on correctness. While correctness is an important issue, the adoption of policy-based computing may be limited if the resulting systems are not implemented efficiently and thus perform poorly. To increase the effectiveness and adoption of policy-based computing, in this paper, we propose fast policy evaluation algorithms that can be adapted to support ...
ACPC: A Framework for Testing the Access Control Policies
In today’s scenario, any multiuser system needs to implement access control to protect its resources from unauthorized access or damage. With the help of a separate policy specification language, we can specify these access control policies. However, it is challenging to specify a correct access control policy, and so it is common for the security of a system to be compromised because of the inc...
Statistics & Clustering Based Framework for Efficient XACML Policy Evaluation
The adoption of XACML as the standard for specifying access control policies for various applications, especially web services, is vastly increasing. A policy evaluation engine can easily become a bottleneck when enforcing large policies. In this paper we propose an adaptive approach for XACML policy optimization. We proposed a clustering technique that categorizes policies and rules within a po...