TWC: Small: Benchmarking Testing Methods for Access Control Policies

TWC：小型：访问控制策略的基准测试方法

• 批准号: 1954327
• 负责人: Dianxiang Xu
• 金额: $ 28.52万
• 依托单位: University of Missouri-Kansas City
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-09-01 至 2022-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1954327&HistoricalAwards=false
• 关键词: TWC; Small; Benchmarking; Testing; Methods

Access control policies specify which users may perform which actions on which resources within which environments. Defective policies may have serious impacts, allowing unintended access (e.g., bank account withdrawals by a stranger) or preventing critical legitimate access (e.g., a doctor cannot view her patient's x-ray). As computer systems become more complex, policy defects have become more common. However, existing testing methods for detecting faults in access control policies have not been very successful and there is no explanation for why they are unable to detect a majority of faults. This project is investigating the inherent strengths, limitations, and cost-effectiveness of existing testing methods for access control policies. The results of this project will provide essential guidelines for planning testing efforts and selecting appropriate testing methods.The project focuses on access control policies expressed in the XACML language. The project is formalizing fault detection conditions that test cases must satisfy in order to detect specific types of access control faults. These conditions consist of reachability constraints, necessity constraints, and propagation constraints of various faults in XACML policies. They are used to determine the fault detection ability of a given testing method by evaluating whether or not its test cases satisfy the fault detection conditions. Based on the collective fault detection conditions of fault groups, the project is developing a method for generating optimal test suites using an efficient constraint solver. The optimal test suites are used to quantitatively measure cost-effectiveness levels of other testing methods in terms of the ratio between the number of faults detected (i.e., effectiveness) and the size of test suite generated (i.e., cost). Thus, the project is a study of benchmarking testing methods for access control policies.

访问控制策略指定哪些用户可以对哪些环境中的哪些资源执行哪些操作。 有缺陷的政策可能会产生严重影响，允许意外访问（例如，陌生人从银行账户提款）或阻止关键的合法访问（例如，医生无法查看患者的 X 光片）。 随着计算机系统变得更加复杂，策略缺陷也变得更加普遍。然而，现有的用于检测访问控制策略中的故障的测试方法并不是很成功，并且没有解释为什么它们无法检测到大多数故障。该项目正在研究现有访问控制策略测试方法的固有优势、局限性和成本效益。该项目的结果将为规划测试工作和选择适当的测试方法提供基本指南。该项目重点关注以 XACML 语言表达的访问控制策略。 该项目正在正式确定测试用例必须满足的故障检测条件，以便检测特定类型的访问控制故障。这些条件包括XACML策略中各种故障的可达性约束、必要性约束和传播约束。它们用于通过评估给定测试方法的测试用例是否满足故障检测条件来确定其故障检测能力。基于故障组的集体故障检测条件，该项目正在开发一种使用高效约束求解器生成最佳测试套件的方法。最佳测试套件用于根据检测到的故障数量（即有效性）与生成的测试套件的大小（即成本）之间的比率来定量衡量其他测试方法的成本效益水平。 因此，该项目是对访问控制策略的基准测试方法的研究。

项目成果

Mutation Analysis of NGAC Policies

• DOI: 10.1145/3450569.3463563
• 发表时间: 2021-06
• 期刊: Proceedings of the 26th ACM Symposium on Access Control Models and Technologies
• 作者: Erzhuo Chen;Vladislav Dubrovenski;Dianxiang Xu

Automated Strong Mutation Testing of XACML Policies

• DOI: 10.1145/3381991.3395599
• 发表时间: 2020-05
• 期刊: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies
• 作者: Dianxiang Xu;Roshan Shrestha;Ning Shen

Towards a Theory on Testing XACML Policies

• DOI: 10.1145/3532105.3535031
• 发表时间: 2022-06
• 期刊: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies
• 作者: Dianxiang Xu;Roshan Shrestha;Ning Shen;Yunpeng Zhang