An automated model-based test oracle for access control systems
Antonia Bertolino, Said Daoudagh, Francesca Lonetti, Eda Marchetti

TL;DR
This paper presents XACMET, an automated model-based oracle for XACML access control testing, which models policy evaluation with a graph to automatically determine expected verdicts, reducing manual effort.
Contribution
Introduction of XACMET, a novel approach using typed graphs to automate verdict derivation in XACML policy testing, improving efficiency and accuracy.
Findings
XACMET effectively automates verdict derivation for XACML policies.
The prototype validation confirms the approach's effectiveness.
XACMET reduces manual testing effort and improves testing accuracy.
Abstract
In the context of XACML-based access control systems, intensive testing is among the most widely adopted means of assuring that sensitive information or resources are accessed correctly. Unfortunately, it requires a huge effort for manual inspection of results; automated verdict derivation is therefore a key aspect of improving the cost-effectiveness of testing. For this purpose, we introduce XACMET, a novel approach for automated model-based oracle definition. XACMET defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation. The expected verdict of a specific request execution can thus be derived automatically by executing the corresponding path in such a graph. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.
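As an added illustration of the idea in the abstract (this is not XACMET's code, and the page does not describe the XAC-Graph's node and edge types, so the graph structure below is an assumption): a miniature model-based oracle walks a policy evaluation graph for a simplified XACML-like policy (policy target, rule targets, a combining algorithm), records the path taken, and compares the derived verdict with the decision a PDP under test returned. The sample policy and requests are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    effect: str      # "Permit" or "Deny"
    target: dict     # attribute -> required value; {} matches any request

@dataclass
class Policy:
    target: dict
    combining: str   # "deny-overrides" or "permit-overrides"
    rules: list

def matches(target, request):
    """Target node: every attribute in the target must equal the request's value."""
    return all(request.get(k) == v for k, v in target.items())

def expected_verdict(policy, request, path=None):
    """Walk the assumed evaluation graph: policy target -> each rule -> combining node.
    `path` collects the edge labels taken, so a failing test shows the expected path."""
    path = path if path is not None else []
    if not matches(policy.target, request):
        path.append("policy-target:no-match")
        return "NotApplicable"
    path.append("policy-target:match")
    effects = []
    for rule in policy.rules:
        if matches(rule.target, request):
            path.append(f"{rule.name}:match->{rule.effect}")
            effects.append(rule.effect)
        else:
            path.append(f"{rule.name}:no-match")
    if not effects:
        path.append("combine:NotApplicable")
        return "NotApplicable"
    override = "Deny" if policy.combining == "deny-overrides" else "Permit"
    verdict = override if override in effects else effects[0]
    path.append(f"combine:{policy.combining}->{verdict}")
    return verdict

def check_pdp(policy, request, actual):
    """Oracle check: does the PDP's actual decision equal the graph-derived one?"""
    path = []
    expected = expected_verdict(policy, request, path)
    return expected == actual, expected, path

# Constructed sample policy (hypothetical): doctors may act on patient records,
# but deletion is denied for everyone; deny-overrides resolves the conflict.
SAMPLE_POLICY = Policy(
    target={"resource": "patient-record"},
    combining="deny-overrides",
    rules=[Rule("r-doctor", "Permit", {"role": "doctor"}),
           Rule("r-no-delete", "Deny", {"action": "delete"})],
)
```

The recorded path is what makes the oracle useful for debugging: when `check_pdp` reports a mismatch, the path shows which target matches and which combining step led to the expected verdict.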
