Abstract
In the context of access control systems, testing is among the most widely adopted means to ensure that sensitive information or resources are correctly accessed. In XACML-based access control systems, incoming access requests are transmitted to the policy decision point (PDP), which grants or denies access based on the defined XACML policies. The criticality of the PDP component requires intensive testing, which consists of probing the component with a set of requests and checking whether its responses grant or deny the requested access as specified in the policy. Existing approaches for improving the manual derivation of test requests, such as combinatorial ones, do not consider policy function semantics and do not provide a verdict oracle. In this paper, we introduce XACMET, a novel approach for systematic generation of XACML requests as well as automated model-based oracle derivation. The main features of XACMET are as follows: (i) it defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation; (ii) it derives a set of test requests via full-path coverage of this graph; (iii) it automatically derives the expected verdict of a specific request execution by executing the corresponding path in that graph; (iv) it allows us to assess the coverage of a given test suite. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.
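Features (ii) and (iii) above, sketched at small scale as an added example; this is not the XACMET tool or the authors' code, and the XAC-Graph in the paper is richer than this model. It assumes a constructed toy policy with equality-only targets and first-applicable rule ordering; POLICY, paths, to_request, pdp and failures are hypothetical names.

```python
from itertools import count

# Constructed toy policy (not from the paper): ordered rules, first-applicable.
# Each rule is (target, effect); a target maps attribute -> required value.
POLICY = [
    ({"subject": "student", "resource": "book", "action": "read"}, "Permit"),
    ({"resource": "book", "action": "write"}, "Deny"),
]

def paths(policy):
    """Enumerate feasible root-to-leaf paths as (constraints, expected verdict).
    constraints: attribute -> ("eq", value) or ("ne", frozenset of excluded values)."""
    out = []
    def walk(rule_i, match_i, cons):
        if rule_i == len(policy):                    # no rule applied
            out.append((cons, "NotApplicable")); return
        target, effect = policy[rule_i]
        items = list(target.items())
        if match_i == len(items):                    # whole target matched
            out.append((cons, effect)); return
        attr, val = items[match_i]
        kind, cur = cons.get(attr, ("ne", frozenset()))
        # True edge: feasible only if earlier edges still allow attr == val.
        if (kind == "eq" and cur == val) or (kind == "ne" and val not in cur):
            walk(rule_i, match_i + 1, {**cons, attr: ("eq", val)})
        # False edge: rule is skipped; feasible only if attr can differ from val.
        if kind == "ne":
            walk(rule_i + 1, 0, {**cons, attr: ("ne", cur | {val})})
        elif cur != val:
            walk(rule_i + 1, 0, cons)
    walk(0, 0, {})
    return out

def to_request(cons):
    """Concretise a path: policy value on true edges, a fresh non-policy value otherwise."""
    fresh = lambda a, banned: next(f"{a}-{i}" for i in count() if f"{a}-{i}" not in banned)
    return {a: (v if k == "eq" else fresh(a, v)) for a, (k, v) in cons.items()}

def pdp(policy, request):
    """Stand-in PDP: first-applicable over equality targets (missing attribute never matches)."""
    for target, effect in policy:
        if all(request.get(a) == v for a, v in target.items()):
            return effect
    return "NotApplicable"

def failures(model, pdp_under_test):
    """Run the generated suite; return (request, expected, actual) for every mismatch."""
    runs = [(to_request(c), exp) for c, exp in paths(model)]
    return [(r, exp, pdp_under_test(r)) for r, exp in runs if pdp_under_test(r) != exp]
```

Passing a PDP that evaluates a policy with the second rule's effect flipped makes failures() return the two requests whose path-derived verdict is Deny.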
Notes
The current implementation of the presented approach is compliant with XACML 2.0 but it can be easily extended to address the functionalities of XACML 3.0.
Note that whereas book is a resource value taken from the policy, article and journal are random values assigned by the algorithm.
The tool is available at http://labsedc-wiki.isti.cnr.it/labsedc/tools/xacmet/public/main
Fedora Commons Repository Software. http://fedora-commons.org.
Trusted Architecture for Securely Shared Services. http://www.tas3.eu.
Sun PDP is available at: http://sunxacml.sourceforge.net.
Herasaf PDP is available at: https://bitbucket.org/herasaf/herasaf-xacml-core.
Balana PDP is available at: https://github.com/wso2/balana.
Acknowledgments
This work is partially supported by CyberSec4Europe Grant agreement ID: 830929, and by the FNR CORE project C16/IS/11333956 “DAPRECO: DAta Protection REgulation COmpliance”.
Cite this article
Daoudagh, S., Lonetti, F. & Marchetti, E. XACMET: XACML Testing & Modeling. Software Qual J 28, 249–282 (2020). https://doi.org/10.1007/s11219-019-09470-5
DOI: https://doi.org/10.1007/s11219-019-09470-5