Defining and measuring policy coverage in testing access control policies

Evan Martin, Tao Xie, Ting Yu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

49 Citations (Scopus)

Abstract

To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a Policy Decision Point (PDP). To increase confidence on written policies, certain types of policy testing (often in an ad hoc way) are usually conducted, which probe the PDP with some typical requests and check PDP’s responses against expected ones. This paper develops a first step toward systematic policy testing by defining and measuring policy coverage when testing policies. We have developed a coverage-measurement tool to measure policy coverage given a set of XACML policies and a set of requests. We have developed a tool for request generation, which randomly generates requests for a given set of policies, and a tool for request reduction, which greedily selects a nearly minimal set of requests for achieving the same coverage as the originally generated requests. To evaluate coverage-based request reduction and its effect on fault detection, we have conducted an experiment with mutation testing on a set of real policies. Our experimental results show that the coverage-based test reduction can substantially reduce the size of generated requests and incur only relatively low loss on fault detection. We also conduct a study on the policy coverage achieved by manually generated requests.

Original language: English
Title of host publication: Information and Communications Security - 8th International Conference, ICICS 2006, Proceedings
Publisher: Springer Verlag
Pages: 139-158
Number of pages: 20
ISBN (Print): 9783540494966
Publication status: Published - 1 Jan 2006
Event: 8th International Conference on Information and Communications Security, ICICS 2006 - Raleigh, United States
Duration: 4 Dec 2006 to 7 Dec 2006

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4307 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 8th International Conference on Information and Communications Security, ICICS 2006
Country: United States
City: Raleigh
Period: 4/12/06 to 7/12/06

Fingerprint

Control Policy
Access Control
Coverage
Testing
Fault detection
Specification languages
Security systems
Policy
Experiments
Software Components
Minimal Set
Confidence
Mutation
Probe

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Martin, E., Xie, T., & Yu, T. (2006). Defining and measuring policy coverage in testing access control policies. In Information and Communications Security - 8th International Conference, ICICS 2006, Proceedings (pp. 139-158). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4307 LNCS). Springer Verlag.

@inproceedings{1fa66b8b486f48edb24508a75ff8a31b,
title = "Defining and measuring policy coverage in testing access control policies",
abstract = "To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a Policy Decision Point (PDP). To increase confidence on written policies, certain types of policy testing (often in an ad hoc way) are usually conducted, which probe the PDP with some typical requests and check PDP’s responses against expected ones. This paper develops a first step toward systematic policy testing by defining and measuring policy coverage when testing policies. We have developed a coverage-measurement tool to measure policy coverage given a set of XACML policies and a set of requests. We have developed a tool for request generation, which randomly generates requests for a given set of policies, and a tool for request reduction, which greedily selects a nearly minimal set of requests for achieving the same coverage as the originally generated requests. To evaluate coverage-based request reduction and its effect on fault detection, we have conducted an experiment with mutation testing on a set of real policies. Our experimental results show that the coverage-based test reduction can substantially reduce the size of generated requests and incur only relatively low loss on fault detection. We also conduct a study on the policy coverage achieved by manually generated requests.",
author = "Evan Martin and Tao Xie and Ting Yu",
year = "2006",
month = "1",
day = "1",
language = "English",
isbn = "9783540494966",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "139--158",
booktitle = "Information and Communications Security - 8th International Conference, ICICS 2006, Proceedings",

}

TY - GEN

T1 - Defining and measuring policy coverage in testing access control policies

AU - Martin, Evan

AU - Xie, Tao

AU - Yu, Ting

PY - 2006/1/1

Y1 - 2006/1/1

AB - To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a Policy Decision Point (PDP). To increase confidence on written policies, certain types of policy testing (often in an ad hoc way) are usually conducted, which probe the PDP with some typical requests and check PDP’s responses against expected ones. This paper develops a first step toward systematic policy testing by defining and measuring policy coverage when testing policies. We have developed a coverage-measurement tool to measure policy coverage given a set of XACML policies and a set of requests. We have developed a tool for request generation, which randomly generates requests for a given set of policies, and a tool for request reduction, which greedily selects a nearly minimal set of requests for achieving the same coverage as the originally generated requests. To evaluate coverage-based request reduction and its effect on fault detection, we have conducted an experiment with mutation testing on a set of real policies. Our experimental results show that the coverage-based test reduction can substantially reduce the size of generated requests and incur only relatively low loss on fault detection. We also conduct a study on the policy coverage achieved by manually generated requests.

UR - http://www.scopus.com/inward/record.url?scp=85009095825&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85009095825&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85009095825

SN - 9783540494966

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 139

EP - 158

BT - Information and Communications Security - 8th International Conference, ICICS 2006, Proceedings

PB - Springer Verlag

ER -