Generating test cases for web services using data perturbation
ACM SIGSOFT Software Engineering Notes
Adaptive Testing, Oracle Generation, and Test Case Ranking for Web Services
COMPSAC '05 Proceedings of the 29th Annual International Computer Software and Applications Conference - Volume 01
WSDL-Based Automatic Test Case Generation for Web Services Testing
SOSE '05 Proceedings of the IEEE International Workshop
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
TAXI--A Tool for XML-Based Testing
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Automated Test Generation for Access Control Policies via Change-Impact Analysis
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Conformance Checking of Access Control Policies Specified in XACML
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 02
Defining and measuring policy coverage in testing access control policies
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Performance evaluation of XACML PDP implementations
Proceedings of the 2008 ACM workshop on Secure web services
| Hi-index | 0.00 |
Many Web applications enhance their security via access-control systems. XACML is a standardized policy language, which has been widely used in access-control systems. In an XACML-based access-control system, policies, requests, and responses are written in XACML. An XACML implementation implements XACML functionalities to validate XACML requests against XACML policies. To ensure the quality of an XACML-based access-control system, we need an effective means to test whether the XACML implementation correctly implements XACML functionalities. The test inputs of an XACML implementation are XACML policies and requests. The test outputs are XACML responses. This paper proposes an approach to detect defects in XACML implementations via observing the behaviors of different XACML implementations for the same test inputs. As XACML has been widely used, we can collect different XACML implementations, and test them with the same XACML polices and requests to observe whether the different implementations produce different responses. Based on the analysis of different responses, we can detect defects in different XACML implementations. We show the feasibility of the proposed approach with a preliminary study on three XACML implementations.