Skip to main content
Contribution to Book
Fault-Based Testing of Combining Algorithms in XACML 3.0 Policies
Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE
  • Dianxiang Xu, Boise State University
  • Ning Sheng, Boise State University
  • Yunpeng Zhang, Boise State University
Document Type
Conference Proceeding
Publication Date
1-1-2015
Disciplines
Abstract
With the increasing complexity of software, new access control methods have emerged to deal with attribute-based authorization. As a standard language for attribute-based access control policies, XACML offers a number of rule and policy combining algorithms to meet different needs of policy composition. Due to their variety and complexity, however, it is not uncommon to apply combining algorithms incorrectly, which can lead to unauthorized access or denial of service. To solve this problem, this paper presents a fault-based testing approach for determining incorrect combining algorithms in XACML 3.0 policies. It exploits an efficient constraint solver to generate queries to which a given policy produces different responses than its combining algorithm-based mutants. Such queries can determine whether or not the given combining algorithm is used correctly. Our empirical studies using sizable XACML policies have demonstrated that our approach is effective.
Citation Information
Dianxiang Xu, Ning Sheng and Yunpeng Zhang. "Fault-Based Testing of Combining Algorithms in XACML 3.0 Policies" Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE (2015)
Available at: http://works.bepress.com/dianxiang_xu/26/