Title

Conformance Testing of Balana: An Open Source Implementation of the XACML3.0 Standard

Document Type

Conference Proceeding

Publication Date

2016

Abstract

As a new generation access control method, Attribute-Based Access Control (ABAC) has gained increasing attention. Currently, Balana is the only open-source implementations of XACML 3.0, which is an OASIS standard for specifying ABAC. Considering that XACML is much more complex than traditional access control models, conformance testing of any XACML implementation is an important problem. Using a non-conformance implementation may lead to misunderstanding of access decisions or even security violations. This paper presents an approach to conformance testing of Balana, focusing on the main elements of the XACML3.0 language, such as targets, rules, policies, and policy sets. In particular, we have thoroughly tested the key rule combining algorithms in policies and policy combining algorithms in policy sets. This has revealed several conformance issues.