2014
Contribution to book  Restricted

A toolchain for designing and testing access control policies

Bertolino A., Busch M., Daoudagh S., Lonetti F., Marchetti E.

Access control policies  Authorization systems  D.4.6 Security and Protection. Access controls  Security 

Security is an important aspect of modern information management systems. The crucial role of security in this systems demands the use of tools and applications that are thoroughly validated and verified. However, the testing phase is an effort consuming activity that requires reliable supporting tools for speeding up this costly stage. Access control systems, based on the integration of new and existing tools are available in the Service Development Environment (SDE). We introduce an Access Control Testing toolchain (ACT) for designing and testing access control policies that includes the following features: (i) the graphical specification of an access control model and its translation into an XACML policy; (ii) the derivation of test cases and their execution against the XACML policy; (iii) the assessment of compliance between the XACML policy execution and the access control model. In addition, we illustrate the use of the ACT toolchain on a case study.

Source: Engineering Secure Future Internet Services and Systems - Current Research, edited by Maritta Heisel, Wouter Joosen, Javier Lopez, Fabio Martinelli, pp. 266–286, 2014


Metrics



Back to previous page
BibTeX entry
@inbook{oai:it.cnr:prodotti:310138,
	title = {A toolchain for designing and testing access control policies},
	author = {Bertolino A. and Busch M. and Daoudagh S. and Lonetti F. and Marchetti E.},
	doi = {10.1007/978-3-319-07452-8_11},
	booktitle = {Engineering Secure Future Internet Services and Systems - Current Research, edited by Maritta Heisel, Wouter Joosen, Javier Lopez, Fabio Martinelli, pp. 266–286, 2014},
	year = {2014}
}

NESSOS
Network of Excellence on Engineering Secure Future Internet Software Services and Systems


OpenAIRE