Skip to main content
SpringerLink
Log in

XACMET: XACML Testing & Modeling

An automated model-based testing solution for access control systems

  • Published:
Software Quality Journal Aims and scope Submit manuscript

Abstract

In the context of access control systems, testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. In XACML-based access control systems, incoming access requests are transmitted to the policy decision point (PDP) that grants or denies the access based on the defined XACML policies. The criticality of a PDP component requires an intensive testing activity consisting in probing such a component with a set of requests and checking whether its responses grant or deny the requested access as specified in the policy. Existing approaches for improving manual derivation of test requests such as combinatorial ones do not consider policy function semantics and do not provide a verdict oracle. In this paper, we introduce XACMET, a novel approach for systematic generation of XACML requests as well as automated model-based oracle derivation. The main features of XACMET are as follows: (i) it defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation; (ii) it derives a set of test requests via full-path coverage of this graph; (iii) it derives automatically the expected verdict of a specific request execution by executing the corresponding path in such graph; (iv) it allows us to measure coverage assessment of a given test suite. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Listing 1
Listing 2
Fig. 3
Fig. 4
Fig. 5
Listing 3

Similar content being viewed by others

Notes

  1. The current implementation of the presented approach is compliant with XACML 2.0 but it can be easily extended to address the functionalities of XACML 3.0.

  2. Note that whereas book is a resource value taken from the policy, article and journal are random values assigned by the algorithm.

  3. The tool is available at http://labsedc-wiki.isti.cnr.it/labsedc/tools/xacmet/public/main

  4. Fedora Commons Repository Software. http://fedora-commons.org.

  5. Trusted Architecture for Securely Shared Services. http://www.tas3.eu.

  6. Sun PDP is available at: http://sunxacml.sourceforge.net.

  7. Sun PDP is available at: http://sunxacml.sourceforge.net.

  8. Herasaf PDP is available at: https://bitbucket.org/herasaf/herasaf-xacml-core.

  9. Balana PDP is available at: https://github.com/wso2/balana.

References

  • Apt, K. (2003). Principles of constraint programming. Cambridge: Cambridge University Press.

    Book  Google Scholar 

  • Barr, E.T., Harman, M., McMinn, P., Shahbaz, M., & Yoo, S. (2015). The oracle problem in software testing: a survey. IEEE Transactions on Software Engineering, 41(5), 507–525.

    Article  Google Scholar 

  • Bertolino, A., Daoudagh, S., Lonetti, F., & Marchetti, E. (2018). An automated model-based test oracle for access control systems. In Proceedings of the 13th International Workshop on Automation of Software Test, AST ’18. https://doi.org/10.1145/3194733.3194743. http://doi.acm.org/10.1145/3194733.3194743 (pp. 2–8). New York: ACM.

  • Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E., Martinelli, F., & Mori, P. (2014). Testing of polpa-based usage control systems. Software Quality Journal, 22(2), 241–271.

    Article  Google Scholar 

  • Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E., & Schilders, L. (2013). Automated testing of extensible access control markup language-based access control systems. IET Software, 7(4), 203– 212.

    Article  Google Scholar 

  • Bertolino, A., Le Traon, Y., Lonetti, F., Marchetti, E., & Mouelhi, T. (2014). Coverage-based test cases selection for xacml policies. In Proceedings of ICST Workshops (pp. 12–21).

  • Bertolino, A., Lonetti, F., & Marchetti, E. (2010). Systematic XACML request generation for testing purposes. In Proc. of 36th EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA) (pp. 3–11).

  • Calabrò, A., Lonetti, F., & Marchetti, E. (2017). Access control policy coverage assessment through monitoring. In Proc. of TELERISE (pp. 373–383).

  • Daoudagh, S., El Kateb, D., Lonetti, F., Marchetti, E., & Mouelhi, T. (2015). A toolchain for model-based design and testing of access control systems. In Proc.of MODELSWARD (pp. 411–418): IEEE.

  • Daoudagh, S., Lonetti, F., & Marchetti, E. (2015). Assessment of access control systems using mutation testing. In Proceedings of the First International Workshop on Technical and Legal Aspects of Data Privacy (pp. 8–13): IEEE Press.

  • Daoudagh, S., Lonetti, F., & Marchetti, E. (2019). A decentralized solution for combinatorial testing of access control engine. In Proceedings of the 5th International Conference on Information Systems Security and Privacy, ICISSP’19.

  • Fisler, K., Krishnamurthi, S., Meyerovich, L., & Tschantz, M. (2005). Verification and change-impact analysis of access-control policies. In Proc. of ICSE (pp. 196–205).

  • Hu, V.C., Kuhn, R., & Yaga, D. (2017). Verification and test methods for access control policies/models. NIST Special Publication, 800, 192.

    Google Scholar 

  • Hwang, J., Martin, E., Xie, T., & Hu, V.C. (2011). Policy-based testing. In Encyclopedia of software engineering (pp. 673–683): Taylor & Francis.

  • Hwang, J., Xie, T., Hu, V., & Altunay, M. (2010). Acpt: a tool for modeling and verifying access control policies. In Proc. of International Symposium on Policies for Distributed Systems and Networks (POLICY) (pp. 40–43).

  • Kuchcinski, K., & Szymanek, R. (2013). Jacop-java constraint programming solver. In CP Solvers: Modeling, Applications, Integration, and Standardization, Co-located with the 19th International Conference on Principles and Practice of Constraint Programming.

  • Li, A., Li, Q., Hu, V.C., & Di, J. (2015). Evaluating the capability and performance of access control policy verification tools. In Proc. of MILCOM (pp. 366–371).

  • Li, B., Sun, X., Leung, H., & Zhang, S. (2013). A survey of code-based change impact analysis techniques. Software Testing Verification and Reliability, 23(8), 613–646.

    Article  Google Scholar 

  • Li, N., Hwang, J., & Xie, T. (2008). Multiple-implementation testing for XACML implementations. In Proc. of TAV-WEB (pp. 27–33).

  • Li, Y., Li, Y., Wang, L., & Chen, G. (2014). Automatic XACML requests generation for testing access control policies. In SEKE (pp. 217–222).

  • Lonetti, F., & Marchetti, E. (2018). On-line tracing of XACML-based policy coverage criteria. IET Software.

  • Ma, Y.S., Offutt, J., & Kwon, Y.R. (2006). Mujava: a mutation system for java. In Proceedings of the 28th international conference on Software engineering (pp. 827–830): ACM.

  • Martin, E., & Xie, T. (2006). Automated test generation for access control policies. In Supplemental proc. of ISSRE.

  • Martin, E., & Xie, T. (2007). Automated test generation for access control policies via change-impact analysis. In Proc. of Third International Workshop on Software Engineering for Secure Systems (SESS) (pp. 5–12).

  • Martin, E., & Xie, T. (2007). A fault model and mutation testing of access control policies. In Proc. of WWW (pp. 667–676).

  • Martin, E., Xie, T., & Yu, T. (2006). Defining and measuring policy coverage in testing access control policies. In Proc. of ICICS (pp. 139–158).

  • Martin, E., Xie, T., & Yu, T. (2006). Defining and measuring policy coverage in testing access control policies. In International Conference on Information and Communications Security (pp. 139–158): Springer.

  • OASIS. (2005). eXtensible Access Control Markup Language (XACML) Version 2.0. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.

  • OASIS. (2005). XACML 2.0 Conformance Tests v0.4. https://www.oasis-open.org/committees/document.php?document_id=14846.

  • Papadakis, M., Kintis, M., Zhang, J., Jia, Y., Le Traon, Y., & Harman, M. (2017). Mutation testing advances: an analysis and survey. Advances in Computers.

  • Pina Ros, S., Lischka, M., & Gómez Mármol, F. (2012). Graph-based xacml evaluation. In Proc. of the 17th ACM Symposium on Access Control Models and Technologies (pp. 83–92).

  • Pretschner, A., Mouelhi, T., & Le Traon, Y. (2008). Model-based tests for access control policies. In Proc. of ICST (pp. 338–347).

  • Shahid, M., Ibrahim, S., & Mahrin, M.N. (2011). A study on test coverage in software testing. Advanced Informatics School (AIS), Universiti Teknologi Malaysia, International Campus, Jalan Semarak, Kuala Lumpur Malaysia.

  • Turkmen, F., den Hartog, J., Ranise, S., & Zannone, N. (2015). Analysis of xacml policies with smt. In Proc. of International Conference on Principles of Security and Trust (pp. 115–134): Springer.

  • Xu, D., Kent, M., Thomas, L., Mouelhi, T., & Le Traon, Y. (2015). Automated model-based testing of role-based access control using predicate/transition nets. IEEE Transactions on Computers, 64(9), 2490– 2505.

    Article  MathSciNet  Google Scholar 

  • Xu, D., Shrestha, R., & Shen, N. (2018). Automated coverage-based testing of xacml policies. In Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies (pp. 3–14): ACM.

  • Xu, D., Wang, Z., Peng, S., & Shen, N. (2016). Automated fault localization of xacml policies. In Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies, SACMAT ’16. https://doi.org/10.1145/2914642.2914653. http://doi.acm.org/10.1145/2914642.2914653 (pp. 137–147). New York: ACM.

  • Xu, D., & Zhang, Y. (2014). Specification and analysis of attribute-based access control policies: an overview. In Proc. of Eighth International Conference on Software Security and Reliability-Companion (SERE-c) (pp. 41–49): IEEE.

  • Zhang, N., Ryan, M., & Guelev, D. (2005). Evaluating access control policies through model checking. In Information Security, Lecture Notes in Computer Science, (Vol. 3650 pp. 446–460).

  • Zhang, Y., & Zhang, B. (2017). A new testing method for xacml 3.0 policy based on abac and data flow. In 2017 13th IEEE International Conference on Control Automation (ICCA). https://doi.org/10.1109/ICCA.2017.8003052 (pp. 160–164).

Download references

Acknowledgments

This work is partially supported by CyberSec4Europe Grant agreement ID: 830929, and by the FNR CORE project C16/IS/11333956 “DAPRECO: DAta Protection REgulation COmpliance”.

Author information

Authors and Affiliations

  1. CNR-ISTI, Via G. Moruzzi 1, 56124, Pisa, Italy

    Said Daoudagh, Francesca Lonetti & Eda Marchetti

  2. University of Pisa, Department of Computer Science, Largo B. Pontecorvo, 3 56127, Pisa, Italy

    Said Daoudagh

Authors
  1. Said Daoudagh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Francesca Lonetti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Eda Marchetti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Said Daoudagh.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Daoudagh, S., Lonetti, F. & Marchetti, E. XACMET: XACML Testing & Modeling. Software Qual J 28, 249–282 (2020). https://doi.org/10.1007/s11219-019-09470-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11219-019-09470-5

Keywords

Search

Navigation