Paper Info
Title
An Automated Testing Framework of Model-Driven Tools for XACML Policy Specification
Abstract
Access Control is among the most important security mechanisms to put in place in order to secure applications. XACML is the de facto standard for storing and deploying access control policies. However, due to the complexity of the XACML language, policy definition becomes a difficult and error prone process. In recent years, the combined use of models for the access control policy specification, and the model-to-code facilities, for the automatic transformation of the model into the XACML language, has been proposed as a possible solution. These model-driven methodologies and facilities need to be thoroughly validated and verified. In this paper we provide an integrated framework for testing the automatic translation of the specification of an access control model into an XACML policy. The framework includes different test strategies for the derivation of test cases and some facilities for making easier their execution against the XACML policy and the test results collection and analysis. In addition, we illustrate the use of the framework on a case study.
Year
DOI
Venue
2014
10.1109/QUATIC.2014.17
Quality of Information and Communications Technology
Keywords
Field
DocType
authorisation,formal specification,program testing,XACML language,XACML policy specification,access control model,access control policy specification,automated testing framework,model-driven tools,security mechanism,test case derivation,test results analysis,test results collection,access control,model-driven development,testing
De facto standard,Systems engineering,Model driven development,Software engineering,Computer science,XACML,Test case,Access control,Test strategy,Automatic translation,Database
Conference
Citations 
PageRank 
References 
0
0.34
15
Authors
4
Name
Order
Citations
PageRank
Bertolino, Antonia1282.82
Said Daoudagh29911.31
Francesca Lonetti300.34
E. Marchetti4403.16