Fault Based Testing of XACML3.0 Policies
Abstract
With the continually increasing complexity of software and an increasing need for secure software there is an increased need in software development for controlling access to resources. XACML is a standard access control language that provides policies handling access control based on attributes. However, XACML polices can be widely varied and increasingly complex and as such, it is not uncommon for an XACML policy to contain a variety of errors. As a consequence of this, unauthorized access or false denial of access may occur. This research seeks to address this issue by providing a suite of algorithms that generate fault-based tests designed to discover various faults or errors in XACML3.0 policies. The algorithms presented in this research use a constraint solver to generate XACML requests from which a given policy and its derived mutants produce differing output. These requests can then be used to determine whether a given policy contains errors. While a similar fault-based testing approach has been used to determine the incorrect application of combining algorithms in XACML3.0 policies, this research and our approach considers a variety of fault types that may occur.
Fault Based Testing of XACML3.0 Policies
With the continually increasing complexity of software and an increasing need for secure software there is an increased need in software development for controlling access to resources. XACML is a standard access control language that provides policies handling access control based on attributes. However, XACML polices can be widely varied and increasingly complex and as such, it is not uncommon for an XACML policy to contain a variety of errors. As a consequence of this, unauthorized access or false denial of access may occur. This research seeks to address this issue by providing a suite of algorithms that generate fault-based tests designed to discover various faults or errors in XACML3.0 policies. The algorithms presented in this research use a constraint solver to generate XACML requests from which a given policy and its derived mutants produce differing output. These requests can then be used to determine whether a given policy contains errors. While a similar fault-based testing approach has been used to determine the incorrect application of combining algorithms in XACML3.0 policies, this research and our approach considers a variety of fault types that may occur.