Defining and Measuring Policy Coverage in Testing Access Control Policies [chapter]

Evan Martin, Tao Xie, Ting Yu
2006 Lecture Notes in Computer Science  
This paper develops a first step toward systematic policy testing by defining and measuring policy coverage when testing policies.  ...  To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a  ...  Conclusion In this paper, we have developed a first step toward systematic policy testing by defining and measuring policy coverage.  ... 
doi:10.1007/11935308_11 fatcat:xhjh77ws3nh35jwbvj2x367b3q

Testing and Analysis of Access Control Policies

Evan Martin
2007 29th International Conference on Software Engineering (ICSE'07 Companion)  
the fault model; we propose and investigate various coverage criteria for testing access control policies; we develop various test generation techniques and evaluate them using the coverage criteria and  ...  We propose a fault model for access control policies and investigate various fault types and their frequencies of occurrence in policy development; we develop a mutation testing framework that implements  ...  In our case, we will model things that could go wrong when constructing an access control policy.  ... 
doi:10.1109/icsecompanion.2007.73 dblp:conf/icse/Martin07 fatcat:hurixha6jnectljkyh7qb5nahe

A fault model and mutation testing of access control policies

Evan Martin, Tao Xie
2007 Proceedings of the 16th international conference on World Wide Web - WWW '07  
Unfortunately, manual testing is tedious and few tools exist for automated testing of access control policies. We present a fault model for access control policies and a framework to explore it.  ...  Our experimental results offer valuable insights into choosing mutation operators in mutation testing and choosing coverage criteria in test generation and selection.  ...  In our previous work [25] , we have defined policy coverage and developed a policy coverage measurement tool.  ... 
doi:10.1145/1242572.1242663 dblp:conf/www/MartinX07 fatcat:ltu3oaxqvjfn7jjeydpemth3oi

On-line tracing of XACML-based policy coverage criteria

Francesca Lonetti, Eda Marchetti
2018 IET Software  
In particular, coverage measures can be adopted for assessing test strategy effectiveness in exercising the policy elements.  ...  Currently, eXtensible Access Control Markup Language (XACML) has become the standard for implementing access control policies and consequently more attention is dedicated to testing the correctness of  ...  Fig. 1: Access Control System Architecture Measurement of test quality is one of the key issues in software testing and coverage measures represent an effective means for evaluating the different testing  ... 
doi:10.1049/iet-sen.2017.0351 fatcat:jmgxag4umjehjbmjvwrqq2kuji

A Formal Validation Approach for XACML 3.0 Access Control Policy

Carmine Caserio, Francesca Lonetti, Eda Marchetti
2022 Sensors  
Access control systems represent a security mechanism to regulate the access to system resources, and XACML is the standard language for specifying, storing and deploying access control policies.  ...  In the literature, analysis techniques and access control languages formalizations are provided for verifiability and testability purposes.  ...  Masi et al. in [17] define a formal expressive access control policy language denoted as FACPL, supporting automated specification, analysis, and the enforcement of access control policies.  ... 
doi:10.3390/s22082984 pmid:35458969 pmcid:PMC9026700 fatcat:2yz4wzt5gvhmtmvboa56rkgure

Automated Test Generation for Access Control Policies via Change-Impact Analysis

Evan Martin, Tao Xie
2007 Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007)  
Access control policies are increasingly written in specification languages such as XACML.  ...  Our experimental results show that Cirg can effectively generate tests to achieve high structural coverage of policies and outperforms random test generation in terms of structural coverage and fault-detection  ...  Access control policies are often tested with manually defined access requests so that policy authors may check the PDP's responses against expected ones.  ... 
doi:10.1109/sess.2007.5 dblp:conf/icse/MartinX07 fatcat:mwpihejifjekbcao2x6wlqdc7q

Conformance Checking of Access Control Policies Specified in XACML

Vincent C. Hu, Evan Martin, JeeHyun Hwang, Tao Xie
2007 Computer Software and Applications Conference (COMPSAC) Proceedings of the IEEE International  
In this position paper, we propose an approach for conducting conformance checking of access control policies specified in XACML based on existing verification and testing tools for XACML policies.  ...  To facilitate managing and maintaining access control, access control policies are increasingly written in specification languages such as XACML.  ...  In policy testing, test inputs are access requests and test outputs are access responses.  ... 
doi:10.1109/compsac.2007.96 dblp:conf/compsac/HuMHX07 fatcat:jzoj2m74x5bz3nc6qjklukoq5u

Automated test generation for access control policies

Evan Martin
2006 Companion to the 21st ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications - OOPSLA '06  
Access control policies are increasingly written in specification languages such as XACML.  ...  To increase confidence in the correctness of specified policies, policy developers can conduct policy testing to probe the PDP with some typical test inputs (in the form of requests) and check test outputs  ...  Access control policies are often tested with manually defined access requests so that policy authors may check the PDP's responses against expected ones.  ... 
doi:10.1145/1176617.1176708 dblp:conf/oopsla/Martin06 fatcat:banf2am3jrecfdxgulgbtbutja

Security policy testing via automated program code generation

Ting Yu, Dhivya Sivasubramanian, Tao Xie
2009 Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research Cyber Security and Information Intelligence Challenges and Strategies - CSIIRW '09  
Acknowledgments This research was sponsored by the NSF through CyberTrust grants IIS-0430166, CNS-0716579, and CNS-0716210.  ...  An access control policy is explicitly specified using certain policy languages with well-defined syntax and semantics.  ...  Targen defines a set of coverage criteria [6] for XACML policies, including policy coverage ratio, rule coverage ratio, and condition coverage ratio.  ... 
doi:10.1145/1558607.1558623 dblp:conf/csiirw/YuSX09 fatcat:r72qldtokncshnuuuucltcqu5y

Coverage-Based Test Cases Selection for XACML Policies

Antonia Bertolino, Yves Le Traon, Francesca Lonetti, Eda Marchetti, Tejeddine Mouelhi
2014 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops  
XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task.  ...  The test of XACML policies involves running requests and checking manually the correct response.  ...  XACML LANGUAGE XACML [1] is a de facto standard specification language that defines access control policies and access control decision requests/responses in an XML format.  ... 
doi:10.1109/icstw.2014.49 dblp:conf/icst/BertolinoTLMM14 fatcat:pclzgukzjneanedswfilxwzjbm

Exploring the viability of tie strength and tags in access controls for photo sharing

Ricard L. Fogues, Jose M. Such, Agustin Espinosa, Ana Garcia-Fornes
2017 Proceedings of the Symposium on Applied Computing - SAC '17  
If citing, it is advised that you check and use the publisher's definitive version for pagination, volume/issue, and date of publication details.  ...  And where the final published version is provided on the Research Portal, if citing you are again advised to check the publisher's website for any subsequent corrections.  ...  Therefore, to test whether or not the differences in coverage were significant, we performed a series of t-tests with a 95% confidence interval.  ... 
doi:10.1145/3019612.3019909 dblp:conf/sac/FoguesSMG17 fatcat:m4czswqe4jcifjjkedmlkzvzhq

XPA: An Open Source IDE for XACML Policies (S)

Roshan Shrestha, Shuai Peng, Turner Lehmbecker, Dianxiang Xu
2018 Proceedings of the 30th International Conference on Software Engineering and Knowledge Engineering  
For access control researchers, XPA offers a versatile toolkit for studying and evaluating new testing, debugging, and verification techniques.  ...  XACML is an OASIS standard for specifying attribute-based access control policies.  ...  The measurement of coverage adequacy provides important guidelines for the development of access control tests. VI.  ... 
doi:10.18293/seke2018-027 dblp:conf/seke/ShresthaPLX18 fatcat:4zh6dl7knvgtjkvfufbl3hob74

Analysis and Comparison of Access Control Policies Validation Mechanisms

Muhammad Aqib, Riaz Ahmed Shaikh
2014 International Journal of Computer Network and Information Security  
The RBAC is an alternative to both DAC and MAC and is commonly used to define the access control policies.  ...  These rules are defined under different kinds of policies which are applied for this purpose and are known as the access control policies. A.  ...  In this work they have used previously defined policy coverage criteria and also a policy coverage measurement tool to know the quality of tests performed on the policies.  ... 
doi:10.5815/ijcnis.2015.01.08 fatcat:5l57q7pkdvfwbe2bxxnewtkn4a

Assessing Quality of Policy Properties in Verification of Access Control Policies

Evan Martin, JeeHyun Hwang, Tao Xie, Vincent Hu
2008 2008 Annual Computer Security Applications Conference (ACSAC)  
Access control policies are often specified in declarative languages.  ...  In our approach, given a policy and a set of properties, we first mutate the policy to generate various mutant policies, each with a single seeded fault.  ...  Acknowledgment This work is supported in part by NSF grant CNS-0716579 and its NIST supplement.  ... 
doi:10.1109/acsac.2008.48 dblp:conf/acsac/MartinHXH08 fatcat:dippufpynzcgxkyaf6ann4o6pq

Testing of PolPA-based usage control systems

Antonia Bertolino, Said Daoudagh, Francesca Lonetti, Eda Marchetti, Fabio Martinelli, Paolo Mori
2013 Software quality journal  
In this paper, we address the testing of the implementation of the Policy Decision Point (PDP) within the PolPA authorization system that enables history-based and usage-based control of accesses.  ...  Accordingly, we propose two testing strategies specifically conceived for validating the history-based access control and the usage control functionalities of the PolPA PDP.  ...  Acknowledgment This work has been partially funded by the Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS) FP7 Project contract n. 256980.  ... 
doi:10.1007/s11219-013-9216-0 fatcat:u25xppqjsrhttpuu37ke2zihq4