2021 Doctoral thesis Embargo
The GDPR compliance through access control systems
Daoudagh S.
The GDPR is changing how Personal Data should be processed. It states, in Art. 5.1(f), that "[data] should be processed in a manner that ensures appropriate security of the personal data [...], using appropriate technical or organizational measures (integrity and confidentiality)". We identify in the Access Control (AC) systems such a measure. Indeed, AC is the mechanism used to restrict access to data or systems according to Access Control Policies (ACPs), i.e., a set of rules that specify who has access to which resources and under which circumstances. In our view, the ACPs, when suitably enriched with attributes, elements and rules extracted from the GDPR provisions, can suitably specify the regulations and the AC systems can assure a by-design lawful compliance with the privacy preserving rules. Vulnerabilities, threats, inaccuracies and misinterpretations that occur during the process of ACPs specification and AC systems implementation may have serious consequences for the security of personal data (security perspective) and for the lawfulness of the data processing (legal perspective). For mitigating these risks, this thesis provides a systematic process for automatically deriving, testing and enforcing ACPs and AC systems in line with the GDPR. Its data protection by-design solution promotes the adoption of AC systems ruled by policies systematically designed for expressing the GDPR's provisions.
Specifically, the main contributions of this thesis are: (1) the definition of an Access Control Development Life Cycle for analyzing, designing, implementing and testing AC mechanisms (systems and policies) able to guarantee the compliance with the GDPR; (2) the realization of a reference architecture allowing the automatic application of the proposed Life Cycle; and (3) the use of the thesis proposal within five application examples highlighting the flexibility and feasibility of the proposal.
Project(s): COVR via OpenAIRE, BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE

See at: etd.adm.unipi.it Restricted | CNR ExploRA


2019 Conference article Open Access
Towards a lawful authorized access: A preliminary GDPR-based authorized access
Bartolini C., Daoudagh S., Lenzini G., Marchetti E.
The General Data Protection Regulation (GDPR)'s sixth principle, Integrity and Confidentiality, dictates that personal data must be protected from unauthorised or unlawful processing. To this aim, we propose a systematic approach for authoring access control policies that are by-design aligned with the provisions of the GDPR. We exemplify it by considering realistic use cases.
Source: ICSOFT 2019 - 14th International Conference on Software Technologies, pp. 331–338, Prague, 26-28/07/2019
DOI: 10.5220/0007978703310338
Project(s): CyberSec4Europe via OpenAIRE

See at: ISTI Repository Open Access | www.scitepress.org Open Access | doi.org Restricted | www.scopus.com Restricted | CNR ExploRA


2019 Conference article Restricted
GDPR-Based User Stories in the Access Control Perspective
Bartolini C., Daoudagh S., Lenzini G., Marchetti E.
Because of GDPR's principle of "data protection by design and by default", organizations who wish to stay lawful have to re-think their data practices. Access Control (AC) can be a technical solution for them to protect access to "personal data by design", and thus to gain legal compliance, but this requires to have Access Control Policies (ACPs) expressing requirements aligned with GDPR's provisions. Provisions are however pieces of law and are not written to be immediately interpreted as technical requirements; the task is thus not straightforward. The Agile software development methodology can help untangle the problem. It has dedicated tools to describe requirements and one of them, User Stories, seems up to task. Stories are concise yet informal descriptions telling who, what and why something is required by users; they are prioritized in lists, called backlogs. Inspired by these Agile tools this paper advances the notion of Data Protection backlogs, which are lists of User Stories about GDPR provisions told as technical requirements. For each User Story we build a corresponding ACP, so enabling the implementation of GDPR compliant AC systems.
Source: International Conference on the Quality of Information and Communications Technology QUATIC 2019, pp. 3–17, Ciudad Real, Spain, 11-13/09/2019
DOI: 10.1007/978-3-030-29238-6_1
Project(s): CyberSec4Europe via OpenAIRE

See at: Communications in Computer and Information Science Restricted | link.springer.com Restricted | CNR ExploRA


2020 Conference article Open Access
A life cycle for authorization systems development in the GDPR perspective
Said D., Marchetti E.
The General Data Protection Regulation (GDPR) defines the principle of Integrity and Confidentiality, and implicitly calls for the adoption of authorization systems for regulating the access to personal data. We present here a process development life cycle for the specification, deployment and testing of authorization systems. The life cycle targets legal aspects, such as the data usage purpose, the user consent and the data retention period. We also present its preliminary architecture where available solutions for extracting, implementing and testing the data protection regulation are integrated. The objective is to propose for the first time a unique improved solution for addressing different aspects of the GDPR development and enforcement along all the life cycle phases.
Source: 4th Italian Conference on Cyber Security, ITASEC 2020, Ancona, Italy, 05-07/02/2020
Project(s): CyberSec4Europe via OpenAIRE

See at: ceur-ws.org Open Access | ISTI Repository Open Access | CNR ExploRA


2020 Conference article Open Access
Defining controlled experiments inside the access control environment
Daoudagh S., Marchetti E.
In ICT systems and modern applications access control systems are important mechanisms for managing resources and data access. Their criticality requires high security levels and consequently, the application of effective and efficient testing approaches. In this paper we propose standardized guidelines for correctly and systematically performing the testing process in order to avoid errors and improve the effectiveness of the validation. We focus in particular on Controlled Experiments, and we provide here a characterization of the first three steps of the experiment process (i.e., Scoping, Planning and Operation) by the adoption of the Goal-Question-Metric template. The specialization of the three phases is provided through a concrete example.
Source: 8th International Conference on Model-Driven Engineering and Software Development, MODELSWARD 2020; Valletta, pp. 167–176, Valletta, Malta, 25-27 February, 2020
DOI: 10.5220/0009358201670176
Project(s): CyberSec4Europe via OpenAIRE

See at: ISTI Repository Open Access | www.scitepress.org Open Access | doi.org Restricted | www.scopus.com Restricted | CNR ExploRA


2021 Conference article Restricted
GRADUATION: a GDPR-based mutation methodology
Daoudagh S., Marchetti E.
The adoption of the General Data Protection Regulation (GDPR) is enhancing different business and research opportunities that evidence the necessity of appropriate solutions supporting specification, processing, testing, and assessing the overall (personal) data management. This paper proposes GRADUATION (GdpR-bAseD mUtATION) methodology, for mutation analysis of data protection policies test cases. The new methodology provides generic mutation operators in reference to the currently applicable EU Data Protection Regulation. The preliminary implementation of the steps involved in the GDPR-based mutants derivation is also described.
Source: QUATIC 2021 - 14th International Conference on the Quality of Information and Communications Technology, pp. 311–324, Online conference, 08-10/09/2021
DOI: 10.1007/978-3-030-85347-1_23
Project(s): CyberSec4Europe via OpenAIRE

See at: link.springer.com Restricted | CNR ExploRA


2021 Conference article Open Access
How to improve the GDPR compliance through consent management and access control
Daoudagh S., Marchetti E., Savarino V., Di Bernardo R., Alessi M.
This paper presents a privacy-by-design solution based on Consent Manager (CM) and Access Control (AC) to aid organizations to comply with the GDPR. The idea is to start from the GDPR's text, transform it into a machine-readable format through a given CM, and then convert the obtained outcome to a set of enforceable Access Control Policies (ACPs). As a result, we have defined a layered architecture that makes any given system privacy-aware, i.e., systems that are compliant by-design with the GDPR. Furthermore, we have provided a proof-of-concept by integrating a Consent Manager coming from an industrial context and an AC Manager coming from academia.
Source: ICISSP 2021 - 7th International Conference on Information Systems Security and Privacy, pp. 534–541, Online conference, 11-13/02/2021
DOI: 10.5220/0010260205340541
Project(s): CyberSec4Europe via OpenAIRE

See at: doi.org Open Access | ISTI Repository Open Access | www.scitepress.org Open Access | www.scopus.com Restricted | CNR ExploRA


2021 Journal article Open Access
Data protection by design in the context of smart cities: a consent and access control proposal
Daoudagh S, Marchetti E., Savarino V., Bernal Bernabe J., Garcia Rodriguez J., Torres Moreno R., Martinez J. A., Skarmeta A. F.
The growing availability of mobile devices has led to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as user's unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.
Source: Sensors (Basel) 21 (2021). doi:10.3390/s21217154
DOI: 10.3390/s21217154
Project(s): CyberSec4Europe via OpenAIRE

See at: Sensors Open Access | ISTI Repository Open Access | CNR ExploRA


2022 Conference article Open Access
GROOT: a GDPR-based combinatorial testing approach
Daoudagh S., Marchetti E.
For replying to the strict exigencies and rules imposed by the GDPR, ICT systems are currently adopting different means for managing personal data. However, due to their critical and crucial role, effective and efficient validation methods should be applied, taking into account the peculiarity of the reference legal framework (i.e., the GDPR). In this paper, we present GROOT, a generic combinatorial testing methodology specifically conceived for assessing the GDPR compliance and its contextualization in the context of access control domain.
Source: ICTSS 2021 - 33rd IFIP WG 6.1 International Conference on Testing Software Systems, pp. 210–217, London, UK, 10-11/11/2021
DOI: 10.1007/978-3-031-04673-5_17
Project(s): BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE

See at: ISTI Repository Open Access | doi.org Restricted | link.springer.com Restricted | CNR ExploRA


2022 Conference article Open Access
Predictive simulation for building trust within service-based ecosystems
Cioroaica E., Daoudagh S., Marchetti E.
Modern vehicles extend their system components outside the typical physical body, relying on functionalities provided by off-board resources within complex digital ecosystems. Focusing on the service-based connection within automotive smart ecosystems, in this paper we present the method of predictive simulation, based on the synergistic combination of Digital Twin execution and interface-based testing approaches, used for building trust in the interactions between a safety critical system and third parties.
Source: PerCom Workshops 2022 - IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events, pp. 34–37, Pisa, Italy, 21-25/03/2022
DOI: 10.1109/percomworkshops53856.2022.9767457
Project(s): BIECO via OpenAIRE

See at: ISTI Repository Open Access | doi.org Restricted | ieeexplore.ieee.org Restricted | CNR ExploRA


2022 Conference article Open Access
The GDPR compliance and access control systems: challenges and research opportunities
Daoudagh S., Marchetti E.
The General Data Protection Regulation (GDPR) is changing how Personal Data should be processed. Using Access Control Systems (ACSs) and their specific policies as practical means for assuring a by-design lawful compliance with the privacy-preserving rules and provision is currently an increasingly researched topic. As a result, this newly born research field raises several research questions and paves the way for different solutions. This position paper would like to provide an overview of research challenges and questions concerning activities for analyzing, designing, implementing, and testing Access Control mechanisms (systems and policies) to guarantee compliance with the GDPR. Some possible answers to the open issues and future research directions and topics are also provided.
Source: ICISSP 2022 - 8th International Conference on Information Systems Security and Privacy, pp. 571–578, Online conference, 09-11/02/2022
DOI: 10.5220/0010912300003120
Project(s): COVR via OpenAIRE, BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE

See at: doi.org Open Access | ISTI Repository Open Access | www.scitepress.org Open Access | CNR ExploRA


2023 Conference article Open Access
Breakthroughs in testing and certification in cybersecurity: research gaps and open problems
Daoudagh S., Marchetti E.
Software and hardware systems are becoming increasingly complex and interconnected, making their testing and certification more challenging, considering cybersecurity aspects. The trustworthiness, security, and quality of these systems call for innovative approaches to testing and certifications. This paper provides an overview of some of the most promising research directions in software and hardware testing and certification in the cybersecurity area. It outlines some of the critical challenges and opportunities for future research. We discuss each approach's potential benefits and challenges, highlight some key research questions to be addressed in each area, and investigate how they can be used to promote "Full Quality - positive-sum, not zero-sum" in developing software and hardware systems.
Source: ITASEC2023 - Italian Conference on CyberSecurity, Bari, Italy, 03-05/05/2023
Project(s): BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE

See at: ISTI Repository Open Access | ceur-ws.org Restricted | CNR ExploRA


2010 Report Unknown
Generazione automatica di casi di test per sistemi di controllo degli accessi espressi tramite XACML
Daoudagh S., Lonetti F., Marchetti E.
XACML is the standard specification language for access control decision systems. A common approach for validating XACML access control policies is to test a dedicated software component within the access control system, called a Policy Decision Point (PDP), with a set of XACML requests. In this document, we describe the architecture of a proposed framework, called X-CREATE, for the systematic generation of a test suite of requests for access control systems. Differently from existing tools for policy testing that are based only on the policy specification, X-CREATE also exploits the XACML Context Schema for XACML requests specification. The aim of the proposed framework is twofold: testing of policy evaluation engines and testing of access control policies.
Source: ISTI Technical reports, 2010

See at: CNR ExploRA


2012 Report Unknown
Modelling and testing of XACML policies
Bertolino A., Daoudagh S., Lonetti F., Marchetti E.
Access control policies specify which subjects can access which resources under which conditions. XACML is the de-facto standard language for access control decision systems. As the size and complexity of XACML policies grow, ensuring that they properly implement the intended regulations becomes a compelling and challenging task. Policy testing consists of submitting a set of XACML requests to the policy evaluation engine and checking whether its responses grant or deny the requested access as expected. To improve manual derivation of test requests, which may be tedious and error-prone, various approaches have been recently proposed, such as random or combinatorial. However such approaches do not provide a verdict oracle, and do not consider policy functions semantics. In this paper, we introduce XACMET, a novel model-based approach to systematic generation of XACML test requests, which 1) represents the given XACML policy as a typed graph; and 2) derives a set of test requests via fullpath coverage of this graph. We implemented the approach in a prototype tool and evaluated it on 14 real-world policies against a combinatorial approach. The preliminary results show that XACMET achieves a same or higher fault-detection effectiveness, in some cases even employing a smaller number of test requests.
Source: ISTI Technical reports, 2012
Project(s): NESSOS via OpenAIRE

See at: CNR ExploRA


2012 Software Unknown
XaCml REquests derivAtion for TEsting.
Bertolino A., Daoudagh S., Lonetti F., Marchetti E.
X-CREATE is a framework for the automated derivation of a test suite starting by a XACML policy. It implements different tests derivation strategies based on combinatorial approaches of the policy values.

See at: labsedc.isti.cnr.it | CNR ExploRA


2012 Conference article Restricted
Automatic XACML requests generation for policy testing.
Bertolino A., Daoudagh S., Lonetti F., Marchetti E.
Access control policies are usually specified by the XACML language. However, policy definition could be an error prone process, because of the many constraints and rules that have to be specified. In order to increase the confidence on defined XACML policies, an accurate testing activity could be a valid solution. The typical policy testing is performed by deriving specific test cases, i.e. XACML requests, that are executed by means of a PDP implementation, so to evidence possible security lacks or problems. Thus the fault detection effectiveness of derived test suite is a fundamental property. To evaluate the performance of the applied test strategy and consequently of the test suite, a commonly adopted methodology is using mutation testing. In this paper, we propose two different methodologies for deriving XACML requests, that are defined independently from the policy under test. The proposals exploit the values of the XACML policy for better customizing the generated requests and providing a more effective test suite. The proposed methodologies have been compared in terms of their fault detection effectiveness by the application of mutation testing on a set of real policies.
Source: IEEE Fifth International Conference on Software Testing, Verification and Validation. The Third International Workshop on Security Testing, pp. 842–849, Montreal, QC, Canada, 17-21 April 2012
DOI: 10.1109/icst.2012.185
Project(s): CHOREOS via OpenAIRE

See at: doi.org Restricted | ieeexplore.ieee.org Restricted | CNR ExploRA


2012 Conference article Restricted
The X-CREATE framework: a comparison of XACML policy testing strategies
Bertolino A., Daoudagh S., Lonetti F., Marchetti E.
The specification of access control policies with the XACML language could be an error prone process, so a testing is usually the solution for increasing the confidence on the policy itself. In this paper, we compare two methodologies for deriving test cases for policy testing, i.e. XACML requests, that are implemented in the X-CREATE tool. We consider a simple combinatorial strategy and a XML-based approach (XPT) which exploit policy values and the XACML Context Schema. A stopping criterion for the test cases generation is also provided and used for the comparison of the strategies in terms of fault detection effectiveness.
Source: 8th International Conference on Web Information Systems and Technologies, pp. 155–160, Porto, Portugal, 18-21 April 2012
Project(s): NESSOS via OpenAIRE

See at: www.nessos-project.eu Restricted | CNR ExploRA


2013 Journal article Open Access
Automated testing of eXtensible access control markup language-based access control systems
Bertolino A., Daoudagh S., Lonetti F., Marchetti E., Schilders L.
The trustworthiness of sensitive data needs to be guaranteed and testing is a common activity among privacy protection solutions, even if quite expensive. Accesses to data and resources are ruled by the policy decision point (PDP), which relies on the eXtensible Access Control Markup Language (XACML) standard language for specifying access rights. In this study, the authors propose a testing strategy for automatically deriving test requests from a XACML policy and describe their pilot experience in test automation using this strategy. Considering a real two-level PDP implemented for health data security, the authors compare the effectiveness of the test plan automatically derived with the one derived by a standard manual testing process.
Source: IET software (Print) 7 (2013): 203–212. doi:10.1049/iet-sen.2012.0101
DOI: 10.1049/iet-sen.2012.0101
Project(s): NESSOS via OpenAIRE

See at: IET Software Open Access | digital-library.theiet.org Restricted | CNR ExploRA


2013 Conference article Restricted
A toolchain for designing and testing XACML policies
Bertolino A., Busch M., Daoudagh S., Koch N., Lonetti F., Marchetti E.
Access control mechanisms are defined by means of XACML policies in many application domains. Model-driven approaches: i) allow to overcome difficulties in the XACML policy definition; ii) can hide inaccuracies and weaknesses of security mechanisms. Testing is a key activity for assessing compliance of a XACML policy with the initial model. We propose a Toolchain for supporting users in testing access control policies modeled with UWE.
Source: ICST - IEEE Sixth International Conference on Software Testing, Verification and Validation, pp. 495–496, Luxembourg, 18-22 March 2013
DOI: 10.1109/icst.2013.70
Project(s): NESSOS via OpenAIRE

See at: doi.org Restricted | ieeexplore.ieee.org Restricted | CNR ExploRA


2013 Conference article Restricted
XACMUT: XACML 2.0 Mutants generator
Bertolino A., Daoudagh S., Lonetti F., Marchetti E.
Testing of security policies is a critical activity and mutation analysis is an effective approach for measuring the adequacy of a test suite. In this paper, we propose a set of mutation operators addressing specific faults of the XACML 2.0 access control policy and a tool, called XACMUT (XACml MUTation) for creating mutants. The tool generates the set of mutants, provides facilities to run a given test suite on the mutants set and computes the test suite effectiveness in terms of mutation score. The tool includes and enhances the mutation operators of existing security policy mutation approaches.
Source: NESSOS - Network of Excellence on Engineering Secure Future Internet Software Services and Systems, pp. 28–33, Luxembourg, 18 March 2013
DOI: 10.1109/icstw.2013.11
Project(s): NESSOS via OpenAIRE

See at: doi.org Restricted | CNR ExploRA