A Toolchain for Designing and Testing Access Control Policies

• Published in: Engineering Secure Future Internet Services and Systems Vol. 8431; pp. 266 - 286
• Main Authors: Bertolino, Antonia, Busch, Marianne, Daoudagh, Said, Lonetti, Francesca, Marchetti, Eda
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2014; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Access Control; Access Control System; Authorization Constraint; Policy Decision Point; Test Case Generation
• ISBN: 9783319074511; 3319074512
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-07452-8_11

Security is an important aspect of modern information management systems. The crucial role of security in this systems demands the use of tools and applications that are thoroughly validated and verified. However, the testing phase is an effort consuming activity that requires reliable supporting tools for speeding up this costly stage. Access control systems, based on the integration of new and existing tools are available in the Service Development Environment (SDE). We introduce an Access Control Testing toolchain (ACT) for designing and testing access control policies that includes the following features: (i) the graphical specification of an access control model and its translation into an XACML policy; (ii) the derivation of test cases and their execution against the XACML policy; (iii) the assessment of compliance between the XACML policy execution and the access control model. In addition, we illustrate the use of the ACT toolchain on a case study.