Title :
An Automated Testing Framework of Model-Driven Tools for XACML Policy Specification
Author :
Bertolino, Antonia ; Daoudagh, Said ; Lonetti, Francesca ; Marchetti, Eda
Author_Institution :
Consiglio Naz. delle Ric., Ist. di Scienza e Tecnol. dell´Inf. “A. Faedo”, Pisa, Italy
Abstract :
Access Control is among the most important security mechanisms to put in place in order to secure applications. XACML is the de facto standard for storing and deploying access control policies. However, due to the complexity of the XACML language, policy definition becomes a difficult and error prone process. In recent years, the combined use of models for the access control policy specification, and the model-to-code facilities, for the automatic transformation of the model into the XACML language, has been proposed as a possible solution. These model-driven methodologies and facilities need to be thoroughly validated and verified. In this paper we provide an integrated framework for testing the automatic translation of the specification of an access control model into an XACML policy. The framework includes different test strategies for the derivation of test cases and some facilities for making easier their execution against the XACML policy and the test results collection and analysis. In addition, we illustrate the use of the framework on a case study.
Keywords :
authorisation; formal specification; program testing; XACML language; XACML policy specification; access control model; access control policy specification; automated testing framework; model-driven tools; security mechanism; test case derivation; test results analysis; test results collection; Access control; Complexity theory; Engines; Standards; Sun; Testing; access control; model-driven development; testing;
Conference_Titel :
Quality of Information and Communications Technology (QUATIC), 2014 9th International Conference on the
Conference_Location :
Guimaraes
Print_ISBN :
978-1-4799-6132-0
DOI :
10.1109/QUATIC.2014.17
