2012
Report  Unknown

Modelling and testing of XACML policies

Bertolino A., Daoudagh S., Lonetti F., Marchetti E.

Access control policy, Policy Decision Point, Requests derivation, Verdicts coverage, XACML

Access control policies specify which subjects can access which resources under which conditions. XACML is the de-facto standard language for access control decision systems. As the size and complexity of XACML policies grow, ensuring that they properly implement the intended regulations becomes a compelling and challenging task. Policy testing consists of submitting a set of XACML requests to the policy evaluation engine and checking whether its responses grant or deny the requested access as expected. To improve on manual derivation of test requests, which may be tedious and error-prone, various approaches have recently been proposed, such as random or combinatorial generation. However, such approaches do not provide a verdict oracle, and do not consider the semantics of policy functions. In this paper, we introduce XACMET, a novel model-based approach to the systematic generation of XACML test requests, which 1) represents the given XACML policy as a typed graph; and 2) derives a set of test requests via full-path coverage of this graph. We implemented the approach in a prototype tool and evaluated it on 14 real-world policies against a combinatorial approach. The preliminary results show that XACMET achieves the same or higher fault-detection effectiveness, in some cases even with a smaller number of test requests.

Source: ISTI Technical reports, 2012



BibTeX entry
@techreport{oai:it.cnr:prodotti:213867,
	title = {Modelling and testing of XACML policies},
	author = {Bertolino A. and Daoudagh S. and Lonetti F. and Marchetti E.},
	institution = {ISTI Technical reports, 2012},
	year = {2012}
}

NESSOS
Network of Excellence on Engineering Secure Future Internet Software Services and Systems
