Please use this identifier to cite or link to this item:
Title: New Approach for Testing the Correctness of Access Control Policies
Authors: Sharma, S
Jena, S K
Korra, S B
Keywords: access control policies
change impact analysis
Issue Date: 2009
Publisher: IEEE
Citation: IEEE International Advance Computing Conference 2009, Thapar University, Patiala, Punjab, India.
Abstract: To increase the confidence in the correctness of specified policies, policy developers can conduct policy testing by supplying typical test inputs (request) and subsequently checking test output (responses) against expected ones to enhance the correctness of specified policies. Testing of Access Control Policies along with the Application program is not a worthful practice. Unlike Software Testing we have the tools and technique for Access Control Policy Testing. Unfortunately, manual testing is tedious and time consuming job. We designed a model called ACPC (Access Control Policy Checker) which include mutation operators for comparing the original policy response with the response of mutant policy and check the correctness of the original policy. The ACPC includes two sections in first section we generate the requests set automatically which is previously not available and in second section we perform testing. This model uses the policy written in XACML (eXtensible Access Control Markup Language) [1] which is the standard language for writing Access Control Policies. We have used a tool called Margrave [8] for Change Impact Analysis and other programming languages like Java and C++ for building different module.
Appears in Collections:Conference Papers

Files in This Item:
File Description SizeFormat 
suraj.pdf189.49 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.