Automated test generation for access control policies

Quantified Score

Visualization

Abstract

Access control policies are increasingly written in specification languages such as XACML. To increase confidence in the correctness of specified policies, policy developers can conduct policy testing to probe the Policy Decision Point (PDP) with some typical test inputs (in the form of requests) and check test outputs (in the form of responses) against expected ones. Unfortunately, manual test generation is tedious and manually generated tests are often not sufficient to exercise various policy behaviors. In this paper we present an efficient test generation approach and its supporting tool called Targen. We further reduce the number of generated requests based on structural coverage information to facilitate manual inspection. If a rule is unreachable due to an unsatisfiable set of constraints, it is redundant. We also present an approach for redundant-rule detection based on change-impact analysis and its supporting tool call Cirg. We have evaluated Targen on policies collected from various sources, some of which are complex policies being used in real systems. Our results show that Targen can effectively generate tests to achieve high structural coverage of policies and outperforms the existing random test generation in terms of structural coverage and fault-detection capability. Cirg can identify a large number of redundant rules among rules defined in a complex, real policy.