A Toolchain for Model-based Design and Testing of Access Control Systems
Said Daoudagh, Donia El Kateb, Francesca Lonetti, Eda Marchetti, Tejeddine Mouelhi
2015
Abstract
In access control systems, aimed at regulating the accesses to protected data and resources, a critical component is the Policy Decision Point (PDP), which grants or denies the access according to the defined policies. Due to the complexity of the standard languag-e, it is recommended to rely on model-driven approaches which allow to overcome difficulties in the XACML policy definition. We provide in this paper a toolchain that involves a model-driven approach to specify and generate XACML policies and also enables automated testing of the PDP component. We use XACML-based testing strategies for generating appropriate test cases which are able to validate the functional aspects, constraints, permissions and prohibitions of the PDP. An experimental assessment of the toolchain and its use on a realistic case study are also presented.
References
- Bertolino, A., Daoudagh, S., Lonetti, F., and Marchetti, E. (2012a). Automatic XACML requests generation for policy testing. In Proc. of SECTEST, pages 842-849.
- Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E., Martinelli, F., and Mori, P. (2012b). Testing of PolPA Authorization Systems. In Proc. of AST, pages 8-14.
- Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E., and Schilders, L. (2013). Automated testing of extensible access control markup language-based access control systems. IET Software, 7(4):203-212.
- Bertolino, A., Lonetti, F., and Marchetti, E. (2010). Systematic XACML Request Generation for Testing Purposes. In Proc. of EUROMICRO (SEAA), pages 3-11.
- Jézéquel, J.-M., Barais, O., and Fleurey, F. (2011). Model driven language engineering with kermeta. In Generative and Transformational Techniques in Software Engineering III, pages 201-221. Springer.
- Le Traon, Y., Mouelhi, T., and Baudry, B. (2007). Testing security policies: going beyond functional testing. In Proc. of ISSRE, pages 93-102.
- Li, N., Hwang, J., and Xie, T. (2008). Multipleimplementation testing for XACML implementations. In Proc. of TAV-WEB, pages 27-33.
- Lodderstedt, T., Basin, D., and Doser, J. (2002). SecureUML: A UML-based modeling language for model-driven security. In The Unified Modeling Language, pages 426-441. Springer.
- Martin, E. and Xie, T. (2006). Automated test generation for access control policies. In Supplemental Proc. of ISSRE.
- OASIS (1 Feb 2005). eXtensible Access Control Markup Language (XACML) Version 2.0.
- OASIS Committee (2005). XACML Version 2.0 Conformance Tests.
- OMG (2004). UML 2.0 Testing Profile Specification. http://utp.omg.org/.
- Pretschner, A., Mouelhi, T., and Traon, Y. L. (2008). Model-based tests for access control policies. In Proc. of ICST, pages 338-347.
- Sun Microsystems (2006). Sun's XACML Implementation.
Paper Citation
in Harvard Style
Daoudagh S., El Kateb D., Lonetti F., Marchetti E. and Mouelhi T. (2015). A Toolchain for Model-based Design and Testing of Access Control Systems . In Proceedings of the 3rd International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD, ISBN 978-989-758-083-3, pages 411-418. DOI: 10.5220/0005330604110418
in Bibtex Style
@conference{modelsward15,
author={Said Daoudagh and Donia El Kateb and Francesca Lonetti and Eda Marchetti and Tejeddine Mouelhi},
title={A Toolchain for Model-based Design and Testing of Access Control
Systems},
booktitle={Proceedings of the 3rd International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,},
year={2015},
pages={411-418},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005330604110418},
isbn={978-989-758-083-3},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 3rd International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,
TI - A Toolchain for Model-based Design and Testing of Access Control
Systems
SN - 978-989-758-083-3
AU - Daoudagh S.
AU - El Kateb D.
AU - Lonetti F.
AU - Marchetti E.
AU - Mouelhi T.
PY - 2015
SP - 411
EP - 418
DO - 10.5220/0005330604110418