Assessment of Access Control Systems Using Mutation Testing

Daoudagh, Said; Lonetti, Francesca; Marchetti, Eda

doi:10.1109/telerise.2015.10

Cited by 9 publications

(9 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The mutation testing approach adopted in XMF and implemented in this component has been inspired by the seminal work of Daoudagh et al 17 Thus, adopting the idea that mutation technique is an effective way to assess the fault detection effectiveness of the different test strategies, instead of applying the mutations to the security policies as in Daoudagh et al, 17 here, the target is to apply mutation operators directly at the level of policy evaluation engine, that is, the PDP. The underling motivation is that even the mutation operators at policy level can be a quite effective means for simulating the most common faults of the XACML policy specification, however, due to the complexity of the PDP implementation and the specific characteristics of its implementation language, the proposed mutations do not exhaustively cover all the important criticalities of the PDP specification.…”

Section: Xacml Mutation Frameworkmentioning

confidence: 99%

An automated framework for continuous development and testing of access control systems

Daoudagh

Lonetti

Marchetti

2020

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

Automated testing in DevOps represents a key factor for providing fast release of new software features assuring quality delivery. In this paper, we introduce DOXAT, an automated framework for continuous development and testing of access control mechanisms based on the XACML standard. It leverages mutation analysis for the selection and assessment of the test strategies and provides automated facilities for test oracle definition, test execution, and results analysis, in order to speedup and automate the Plan, Code, Build, and Test phases of DevOps process. We show the usage of the framework during the planning and testing phases of the software development cycle of a PDP example.

show abstract

Section: Xacml Mutation Frameworkmentioning

confidence: 99%

An automated framework for continuous development and testing of access control systems

Daoudagh

Lonetti

Marchetti

2020

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

show abstract

“…Finally, considering the use of monitoring engine for access control assessment, several general-purpose monitoring proposals are currently available, which can be mainly divided into two groups: those that are embedded in the execution engine (e.g., [ 49 , 50 ]) and those that can be integrated into the execution framework as an additional component (e.g., [ 8 , 51 , 52 ]). Both types of solutions have specific advantages.…”

Section: Related Workmentioning

confidence: 99%

Boosting a Low-Cost Smart Home Environment with Usage and Access Control Rules

Barsocchi

Calabrò

Ferro

et al. 2018

Sensors

Self Cite

View full text Add to dashboard Cite

Smart Home has gained widespread attention due to its flexible integration into everyday life. Pervasive sensing technologies are used to recognize and track the activities that people perform during the day, and to allow communication and cooperation of physical objects. Usually, the available infrastructures and applications leveraging these smart environments have a critical impact on the overall cost of the Smart Home construction, require to be preferably installed during the home construction and are still not user-centric. In this paper, we propose a low cost, easy to install, user-friendly, dynamic and flexible infrastructure able to perform runtime resources management by decoupling the different levels of control rules. The basic idea relies on the usage of off-the-shelf sensors and technologies to guarantee the regular exchange of critical information, without the necessity from the user to develop accurate models for managing resources or regulating their access/usage. This allows us to simplify the continuous updating and improvement, to reduce the maintenance effort and to improve residents’ living and security. A first validation of the proposed infrastructure on a case study is also presented.

show abstract

“…The policy adopted in this experiment (called Policy 1 in this paper) is a (Figure 3). It includes a policy set target (line 3) that is empty; a policy target (lines [8][9][10][11][12][13][14][15] allowing the access only to the books resource; a first rule (ruleA) (lines 19-36) with a target (lines 20-35) specifying that this rule applies only to the access requests of a read action of books resource with any environment; a second rule (ruleB) (lines 40-55), which effect is Deny when the subject is "Julius", the action is "write", the resource and environment are any resource and any environment respectively; a third rule (ruleC) (lines 59-81) that allows to subject "Julius" the action "write", if he is also "professor" or "administrator"; finally, the default rule (line 85) denies the access in the other cases.…”

Section: Two-round Application Examplementioning

confidence: 99%

“…Considering the automated test cases generation, solutions have been proposed for testing either the XACML policy or the PDP implementation [10, 19, 20]. Among them, the most referred ones are the Targen tool [21], the proposal of [22] and the already mentioned X‐CREATE tool [6, 10, 11].…”

Section: Related Workmentioning

confidence: 99%

“…Finally, concerning the adoption of monitoring facilities for coverage assessment, the work in [3] represents a preliminary attempt of an infrastructure for enabling coverage criterion selection and policy coverage assessment analysis. Several general‐purpose monitoring proposals are currently available, which can be mainly divided into two groups: those that are embedded in the execution engine such as [20, 23] and those that can be integrated into the execution framework as an additional component such as for instance [24]. Among the additional monitor facility in this paper, we refer to the monitoring framework called Glimpse [9], which is extremely flexible and adaptable to various scenarios and service oriented architecture (SOA) architecture patterns.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

On‐line tracing of XACML‐based policy coverage criteria

Lonetti

Marchetti

2018

IET softw.

Self Cite

View full text Add to dashboard Cite

Currently, XACML has becoming the standard for implementing access control policies and consequently more attention is dedicated to testing the correctness of XACML policies. In particular, coverage measures can be adopted for assessing test strategy effectiveness in exercising the policy elements. This paper introduces a set of XACML coverage criteria and describes the access control infrastructure, based on a monitor engine, enabling the coverage criterion selection and the on-line tracing of the testing activity. Examples of infrastructure usage and of assessment of different test strategies are provided.

show abstract

Assessment of Access Control Systems Using Mutation Testing

Cited by 9 publications

References 17 publications

An automated framework for continuous development and testing of access control systems

An automated framework for continuous development and testing of access control systems

Boosting a Low-Cost Smart Home Environment with Usage and Access Control Rules

On‐line tracing of XACML‐based policy coverage criteria

Contact Info

Product

Resources

About