DocumentCode
625559
Title
A Toolchain for Designing and Testing XACML Policies
Author
Bertolino, Antonia ; Busch, M. ; Daoudagh, Said ; Koch, Nils ; Lonetti, Francesca ; Marchetti, Eda
Author_Institution
Ist. di Sci. e Tecnol. dell'Inf. A. Faedo, Pisa, Italy
fYear
2013
fDate
18-22 March 2013
Firstpage
495
Lastpage
496
Abstract
In modern pervasive application domains, such as Service Oriented Architectures (SOAs) and Peer-to-Peer (P2P) systems, security aspects are critical. Justified confidence in the security mechanisms that are implemented for assuring proper data access is a key point. In recent years, XACML has become the de facto standard for specifying policies for access control decisions in many application domains. Briefly, an XACML policy defines the constraints and conditions that a subject needs to comply with for accessing a resource and doing an action in a given environment. Due to the complexity of the language, XACML policy specification is a difficult and error-prone process that requires specific knowledge and a high effort to be properly managed.
Keywords
XML; authorisation; computational complexity; constraint handling; formal specification; information retrieval; program testing; XACML policy design; XACML policy specification; XACML policy testing; constraint handling; data access control decision; de facto standard; error prone process; language complexity; pervasive application domain; resource access; security mechanism; Access control; Analytical models; Navigation; Proposals; Testing; Unified modeling language;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Testing, Verification and Validation (ICST), 2013 IEEE Sixth International Conference on
Conference_Location
Luxembourg
Print_ISBN
978-1-4673-5961-0
Type
conf
DOI
10.1109/ICST.2013.70
Filename
6569771