TWC: Small: Benchmarking Testing Methods for Access Control Policies

TWC：小型：访问控制策略的基准测试方法

• 批准号: 1954327
• 负责人: Dianxiang Xu
• 金额: $ 28.52万
• 依托单位: University of Missouri-Kansas City
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-09-01 至 2022-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1954327&HistoricalAwards=false
• 关键词: TWC; Small; Benchmarking; Testing; Methods

Access control policies specify which users may perform which actions on which resources within which environments. Defective policies may have serious impacts, allowing unintended access (e.g., bank account withdrawals by a stranger) or preventing critical legitimate access (e.g., a doctor cannot view her patient's x-ray). As computer systems become more complex, policy defects have become more common. However, existing testing methods for detecting faults in access control policies have not been very successful and there is no explanation for why they are unable to detect a majority of faults. This project is investigating the inherent strengths, limitations, and cost-effectiveness of existing testing methods for access control policies. The results of this project will provide essential guidelines for planning testing efforts and selecting appropriate testing methods.The project focuses on access control policies expressed in the XACML language. The project is formalizing fault detection conditions that test cases must satisfy in order to detect specific types of access control faults. These conditions consist of reachability constraints, necessity constraints, and propagation constraints of various faults in XACML policies. They are used to determine the fault detection ability of a given testing method by evaluating whether or not its test cases satisfy the fault detection conditions. Based on the collective fault detection conditions of fault groups, the project is developing a method for generating optimal test suites using an efficient constraint solver. The optimal test suites are used to quantitatively measure cost-effectiveness levels of other testing methods in terms of the ratio between the number of faults detected (i.e., effectiveness) and the size of test suite generated (i.e., cost). Thus, the project is a study of benchmarking testing methods for access control policies.

访问控制策略指定哪些用户可以在哪些环境中的哪些资源上执行哪些操作。 有缺陷的政策可能会产生严重影响，允许意外访问（例如，陌生人的银行账户提款）或阻止关键的合法访问（例如，医生不能查看她的病人的X光片）。 随着计算机系统变得越来越复杂，策略缺陷变得越来越普遍。然而，现有的用于检测访问控制策略中的故障的测试方法并不是很成功，并且没有解释为什么它们不能检测到大多数故障。这个项目正在调查访问控制策略的现有测试方法的内在优势、局限性和成本效益。该项目的结果将为计划测试工作和选择适当的测试方法提供基本的指导方针。该项目的重点是用XACML语言表示的访问控制策略。 该项目正在正式确定测试用例必须满足的故障检测条件，以便检测特定类型的访问控制故障。这些条件包括可达性约束、必要性约束和XACML策略中各种故障的传播约束。它们通过评估给定测试方法的测试用例是否满足故障检测条件来确定其故障检测能力。基于故障组的集体故障检测条件，该项目正在开发一种使用高效约束求解器生成最佳测试套件的方法。最佳测试套件用于根据检测到的故障数量之间的比率（即，有效性）和生成的测试套件的大小（即，成本）。 因此，该项目是对访问控制策略的基准测试方法的研究。

项目成果

Mutation Analysis of NGAC Policies

• DOI: 10.1145/3450569.3463563
• 发表时间: 2021-06
• 期刊: Proceedings of the 26th ACM Symposium on Access Control Models and Technologies
• 作者: Erzhuo Chen;Vladislav Dubrovenski;Dianxiang Xu

Automated Strong Mutation Testing of XACML Policies

• DOI: 10.1145/3381991.3395599
• 发表时间: 2020-05
• 期刊: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies
• 作者: Dianxiang Xu;Roshan Shrestha;Ning Shen

Towards a Theory on Testing XACML Policies

• DOI: 10.1145/3532105.3535031
• 发表时间: 2022-06
• 期刊: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies
• 作者: Dianxiang Xu;Roshan Shrestha;Ning Shen;Yunpeng Zhang