Inferring Access-Control Policy Properties via Machine Learning
POLICY '06 Proceedings of the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
Defining and measuring policy coverage in testing access control policies
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Selective Regression Test for Access Control System Employing RBAC
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Hi-index | 0.00 |
Policy testing and analysis are important techniques for high assurance of correct specification of access control policies. We propose a set of testing and analysis techniques for access control policies and tools for empirically investigating and evaluating the proposed techniques. We propose a fault model for access control policies and investigate various fault types and their frequencies of occurrence in policy development; we develop a mutation testing framework that implements the fault model; we propose and investigate various coverage criteria for testing access control policies; we develop various test generation techniques and evaluate them using the coverage criteria and mutation testing framework; we develop a policy model to facilitate refactoring, performance optimizations, dependency identification, and other types of static analysis. To make our discussion concrete, we choose to present our techniques in the context of XACML. Note that since XACML is an application-independent, generic access control policy language, our techniques can be equally applied to test policies written in other languages.