TY - GEN
T1 - Defining and measuring policy coverage in testing access control policies
AU - Martin, Evan
AU - Xie, Tao
AU - Yu, Ting
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2006.
PY - 2006
Y1 - 2006
N2 - To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a Policy Decision Point (PDP). To increase confidence on written policies, certain types of policy testing (often in an ad hoc way) are usually conducted, which probe the PDP with some typical requests and check PDP’s responses against expected ones. This paper develops a first step toward systematic policy testing by defining and measuring policy coverage when testing policies. We have developed a coverage-measurement tool to measure policy coverage given a set of XACML policies and a set of requests. We have developed a tool for request generation, which randomly generates requests for a given set of policies, and a tool for request reduction, which greedily selects a nearly minimal set of requests for achieving the same coverage as the originally generated requests. To evaluate coverage-based request reduction and its effect on fault detection, we have conducted an experiment with mutation testing on a set of real policies. Our experimental results show that the coverage-based test reduction can substantially reduce the size of generated requests and incur only relatively low loss on fault detection. We also conduct a study on the policy coverage achieved by manually generated requests.
AB - To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a Policy Decision Point (PDP). To increase confidence on written policies, certain types of policy testing (often in an ad hoc way) are usually conducted, which probe the PDP with some typical requests and check PDP’s responses against expected ones. This paper develops a first step toward systematic policy testing by defining and measuring policy coverage when testing policies. We have developed a coverage-measurement tool to measure policy coverage given a set of XACML policies and a set of requests. We have developed a tool for request generation, which randomly generates requests for a given set of policies, and a tool for request reduction, which greedily selects a nearly minimal set of requests for achieving the same coverage as the originally generated requests. To evaluate coverage-based request reduction and its effect on fault detection, we have conducted an experiment with mutation testing on a set of real policies. Our experimental results show that the coverage-based test reduction can substantially reduce the size of generated requests and incur only relatively low loss on fault detection. We also conduct a study on the policy coverage achieved by manually generated requests.
UR - http://www.scopus.com/inward/record.url?scp=85009095825&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85009095825&partnerID=8YFLogxK
U2 - 10.1007/11935308_11
DO - 10.1007/11935308_11
M3 - Conference contribution
AN - SCOPUS:85009095825
SN - 9783540494966
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 139
EP - 158
BT - Information and Communications Security - 8th International Conference, ICICS 2006, Proceedings
A2 - Ning, Peng
A2 - Qing, Sihan
A2 - Li, Ninghui
PB - Springer
T2 - 8th International Conference on Information and Communications Security, ICICS 2006
Y2 - 4 December 2006 through 7 December 2006
ER -