TWC: Small: Benchmarking Testing Methods for Access Control Policies

TWC：小型：访问控制策略的基准测试方法

• 批准号: 1618229
• 负责人: Dianxiang Xu
• 金额: $ 49.71万
• 依托单位: Boise State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-09-01 至 2019-11-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1618229&HistoricalAwards=false
• 关键词: TWC; Small; Benchmarking; Testing; Methods

Access control policies specify which users may perform which actions on which resources within which environments. Defective policies may have serious impacts, allowing unintended access (e.g., bank account withdrawals by a stranger) or preventing critical legitimate access (e.g., a doctor cannot view her patient's x-ray). As computer systems become more complex, policy defects have become more common. However, existing testing methods for detecting faults in access control policies have not been very successful and there is no explanation for why they are unable to detect a majority of faults. This project is investigating the inherent strengths, limitations, and cost-effectiveness of existing testing methods for access control policies. The results of this project will provide essential guidelines for planning testing efforts and selecting appropriate testing methods.The project focuses on access control policies expressed in the XACML language. The project is formalizing fault detection conditions that test cases must satisfy in order to detect specific types of access control faults. These conditions consist of reachability constraints, necessity constraints, and propagation constraints of various faults in XACML policies. They are used to determine the fault detection ability of a given testing method by evaluating whether or not its test cases satisfy the fault detection conditions. Based on the collective fault detection conditions of fault groups, the project is developing a method for generating optimal test suites using an efficient constraint solver. The optimal test suites are used to quantitatively measure cost-effectiveness levels of other testing methods in terms of the ratio between the number of faults detected (i.e., effectiveness) and the size of test suite generated (i.e., cost). Thus, the project is a study of benchmarking testing methods for access control policies.

访问控制策略指定哪些用户可以对哪些环境中的哪些资源执行哪些操作。有缺陷的政策可能会产生严重的影响，允许意外访问（例如，陌生人提取银行账户）或阻止关键的合法访问（例如，医生不能查看患者的x光片）。随着计算机系统变得越来越复杂，政策缺陷也变得越来越普遍。然而，现有的用于检测访问控制策略中的故障的测试方法并不是很成功，并且无法解释为什么它们无法检测到大多数故障。这个项目正在研究访问控制策略的现有测试方法的固有优势、限制和成本效益。这个项目的结果将为计划测试工作和选择适当的测试方法提供必要的指导方针。该项目侧重于用XACML语言表达的访问控制策略。该项目正在形式化测试用例必须满足的故障检测条件，以便检测特定类型的访问控制故障。这些条件包括可达性约束、必要性约束和XACML策略中各种错误的传播约束。通过评估测试用例是否满足故障检测条件，确定给定测试方法的故障检测能力。基于故障组的集体故障检测条件，本项目正在开发一种利用有效约束求解器生成最优测试套件的方法。根据检测到的故障数量（即有效性）和生成的测试套件的大小（即成本）之间的比率，使用最优测试套件来定量地度量其他测试方法的成本效益水平。因此，该项目是对访问控制策略的基准测试方法的研究。

项目成果

Automated Coverage-Based Testing of XACML Policies

• DOI: 10.1145/3205977.3205979
• 发表时间: 2018-06
• 期刊: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies
• 作者: Dianxiang Xu;Roshan Shrestha;Ning Shen