2019
Contribution to book  Closed Access

A General Framework for Decentralized Combinatorial Testing of Access Control Engine: Examples of Application

Daoudagh S., Lonetti F., Marchetti E.

Access control systems  Web service  Oracle  Testing  XACML 

Access control mechanisms aim to assure data protection in modern software systems. Testing of such mechanisms is a key activity to avoid security flaws and violations inside the systems or applications. In this paper, we introduce the general architecture of a new decentralized framework for testing of XACML-based access control engines. The proposed framework is composed of different web services and can be instantiated for different testing purposes: i) generation of test cases based on combinatorial testing strategies; ii) distributed test cases execution; iii) decentralized oracle derivation able to associate the expected authorization decision to a given XACML request. The effectiveness of the framework has been proven into two different experiments. The former addressed the evaluation of the distributed vs non distributed testing solution. The latter focused on the performance comparison of two distributed oracle approaches.

Source: Information Systems Security and Privacy, edited by Paolo Mori, Steven Furnell, Olivier Camp, pp. 207–229, 2019

Metrics



Back to previous page

Share

Cite as

BibTeX entry
@inbook{oai:it.cnr:prodotti:447643,
	title = {A General Framework for Decentralized Combinatorial Testing of Access Control Engine: Examples of Application},
	author = {Daoudagh S. and Lonetti F. and Marchetti E.},
	doi = {10.1007/978-3-030-49443-8_10},
	booktitle = {Information Systems Security and Privacy, edited by Paolo Mori, Steven Furnell, Olivier Camp, pp. 207–229, 2019},
	year = {2019}
}

CNR authors and affiliations

Download

Projects (via OpenAIRE)

CyberSec4Europe
Cyber Security Network of Competence Centres for Europe


OpenAIRE
Privacy Policy