A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2008; you can also visit the original URL.
The file type is application/pdf
.
Defining and Measuring Policy Coverage in Testing Access Control Policies
[chapter]
2006
Lecture Notes in Computer Science
To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a Policy Decision Point (PDP). To increase confidence on written policies, certain types of policy testing (often in an ad hoc way) are usually conducted, which probe the PDP with some typical requests and check PDP's responses against expected ones. This paper develops a first step toward
doi:10.1007/11935308_11
fatcat:xhjh77ws3nh35jwbvj2x367b3q