Caserio C., Lonetti F., Marchetti E.
Atomic and Molecular Physics XACML 3.0 formalization policy testing Coverage criteria Electrical and Electronic Engineering Analytical Chemistry coverage criteria and Optics Instrumentation Biochemistry Policy testing
Access control systems represent a security mechanism to regulate the access to system resources, and XACML is the standard language for specifying, storing and deploying access control policies. The verbosity and complexity of XACML syntax as well as the natural language semantics provided by the standard make the verification and testing of these policies difficult and error-prone. In the literature, analysis techniques and access control languages formalizations are provided for verifiability and testability purposes. This paper provides three contributions: it provides a comprehensive formal specification of XACML 3.0 policy elements; it leverages the existing policy coverage criteria to be suitable for XACML 3.0; and it introduces a new set of coverage criteria to better focus the testing activities on the peculiarities of XACML 3.0. The application of the proposed coverage criteria to a policy example is described, and hints for future research directions are discussed.
Source: Sensors (Basel) 22 (2022). doi:10.3390/s22082984
Publisher: Molecular Diversity Preservation International (MDPI),, Basel
@article{oai:it.cnr:prodotti:468728, title = {A formal validation approach for XACML 3.0 access control policy}, author = {Caserio C. and Lonetti F. and Marchetti E.}, publisher = {Molecular Diversity Preservation International (MDPI),, Basel }, doi = {10.3390/s22082984}, journal = {Sensors (Basel)}, volume = {22}, year = {2022} }
BIECO
Building Trust in Ecosystems and Ecosystem Components
CyberSec4Europe
Cyber Security Network of Competence Centres for Europe