Multiple-implementation testing for XACML implementations

Nuo Li, Jeehyun Hwang, Tao Xie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Many Web applications enhance their security via access-control systems. XACML is a standardized policy language, which has been widely used in access-control systems. In an XACML-based access-control system, policies, requests, and responses are written in XACML. An XACML implementation implements XACML functionalities to validate XACML requests against XACML policies. To ensure the quality of an XACML-based access-control system, we need an effective means to test whether the XACML implementation correctly implements XACML functionalities. The test inputs of an XACML implementation are XACML policies and requests. The test outputs are XACML responses. This paper proposes an approach to detect defects in XACML implementations via observing the behaviors of different XACML implementations for the same test inputs. As XACML has been widely used, we can collect different XACML implementations, and test them with the same XACML policies and requests to observe whether the different implementations produce different responses. Based on the analysis of different responses, we can detect defects in different XACML implementations. We show the feasibility of the proposed approach with a preliminary study on three XACML implementations.

Original language: English (US)
Title of host publication: TAV-WEB 2008 - Proceedings of the Workshop on Testing, Analysis and Verification of Web Software
Pages: 27-33
Number of pages: 7
State: Published - Dec 16 2008
Externally published: Yes
Event: Workshop on Testing, Analysis and Verification of Web Software, TAV-WEB 2008 - Seattle, WA, United States
Duration: Jul 21 2008 → Jul 21 2008

Publication series

Name: TAV-WEB 2008 - Proceedings of the Workshop on Testing, Analysis and Verification of Web Software

Other

Other: Workshop on Testing, Analysis and Verification of Web Software, TAV-WEB 2008
Country: United States
City: Seattle, WA
Period: 7/21/08 → 7/21/08

Keywords

  • Access control policy
  • Multiple-implementation testing
  • Policy decision point
  • XACML

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software

Cite this

Li, N., Hwang, J., & Xie, T. (2008). Multiple-implementation testing for XACML implementations. In TAV-WEB 2008 - Proceedings of the Workshop on Testing, Analysis and Verification of Web Software (pp. 27-33). (TAV-WEB 2008 - Proceedings of the Workshop on Testing, Analysis and Verification of Web Software). https://doi.org/10.1145/1390832.1390837