Publication Date
5-2017
Date of Final Oral Examination (Defense)
3-1-2017
Type of Culminating Activity
Thesis
Degree Title
Master of Science in Computer Science
Department
Computer Science
Supervisory Committee Chair
Dianxiang Xu, Ph.D.
Supervisory Committee Member
Gaby Dagher, Ph.D
Supervisory Committee Member
Jyh-Haw Yeh, Ph.D.
Abstract
In a complex information system, controlling the access to resources is challenging. As a new generation of access control techniques, Attribute-Based Access Control (ABAC) can provide more flexible and fine-grained access control than Role-Based-Access Control (RBAC). XACML (eXtensible Access Control Markup Language) is an industrial standard for specifying ABAC policies. XACML policies tend to be complex because of the great variety of attribute types for fine-grained access control. This means that XACML policies are prone to errors and difficult to debug. This paper presents a first attempt at automating the debugging process of XACML policies. Two techniques are used for this purpose: fault localization and mutation-based policy repair. Fault localization produces an ordered list of suspicious policy elements by correlating the test results and the test coverage information. Mutation-based policy repair searches for potential fixes by mutating suspicious policy elements with predefined mutation operators. Empirical studies show that the proposed approach is able to repair various faulty XACML policies with one or two seeded faults. Among the scoring methods for fault localization that are studied in the experiment, Naish2 and CBI-Inc are the most efficient.
DOI
https://doi.org/10.18122/B2P699
Recommended Citation
Peng, Shuai, "Towards Automatic Repair of XACML Policies" (2017). Boise State University Theses and Dissertations. 1280.
https://doi.org/10.18122/B2P699