Access control enforcement testing

A policy-based access control architecture comprises Policy Enforcement Points (PEPs), modules that intercept subjects' access requests and enforce the access decision reached by a Policy Decision Point (PDP), the module implementing the access decision logic. In applications, PEPs are generally implemented manually, which can introduce errors in policy enforcement and lead to security vulnerabilities. In this paper, we propose an approach to systematically test and validate the correct enforcement of access control policies in a given target application. More specifically, we rely on a two-fold approach: a static analysis of the target application is first performed to identify the sensitive accesses that could be regulated by the policy. A dynamic analysis of the application is then conducted using mutation to verify, for every sensitive access, whether the policy is correctly enforced. The dynamic analysis also gives the exact location of the PEP, so that enforcement errors detected by the analysis can be fixed. The approach has been validated using a case study implementing an access control policy.

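As an added example (not the paper's own code), the mutation step of the approach on a constructed toy application: a PDP, two sensitive accesses assumed to have been flagged by the static phase, one of them deliberately left without a PEP. Each policy rule governing an access is flipped in turn, and an access whose outcome no mutant changes is reported as unenforced, which also pinpoints where the missing PEP belongs.

```python
# Constructed policy: (role, action, resource) -> decision; unknown triples deny.
POLICY = {
    ("admin", "read", "salary"): True,
    ("staff", "read", "salary"): False,
    ("admin", "delete", "record"): True,
    ("staff", "delete", "record"): False,
}
# Sensitive accesses the static-analysis phase would have flagged:
# method name -> (action, resource) it performs.
SENSITIVE_ACCESSES = {"read_salary": ("read", "salary"), "delete_record": ("delete", "record")}

class PDP:
    """Policy Decision Point: evaluates a request against the policy."""
    def __init__(self, policy):
        self.policy = policy
    def decide(self, role, action, resource):
        return self.policy.get((role, action, resource), False)

class App:
    """Application under test: read_salary has a correct PEP, delete_record
    deliberately lacks one (the enforcement error the test must reveal)."""
    def __init__(self, pdp):
        self.pdp = pdp
    def read_salary(self, role):
        if not self.pdp.decide(role, "read", "salary"):  # PEP consults the PDP
            raise PermissionError("read salary")
        return "salary table"
    def delete_record(self, role):  # missing PEP: nobody asks the PDP
        return "record deleted"

def policy_mutants(policy, action, resource):
    """Yield (rule, mutant policy) pairs, flipping each rule governing (action, resource)."""
    for key, allowed in policy.items():
        if key[1:] == (action, resource):
            yield key, {**policy, key: not allowed}

def is_granted(policy, method, role):
    """Run one sensitive access against an App wired to the given policy."""
    try:
        getattr(App(PDP(policy)), method)(role)
        return True
    except PermissionError:
        return False

def unenforced_accesses(policy=POLICY, accesses=SENSITIVE_ACCESSES):
    """Sensitive accesses whose outcome never changes under any policy mutant:
    the mutant is not killed, so no PEP enforces the policy on that access."""
    return [method for method, (action, resource) in accesses.items()
            if not any(is_granted(policy, method, role) != is_granted(mutant, method, role)
                       for (role, _, _), mutant in policy_mutants(policy, action, resource))]
```

Running `unenforced_accesses()` on this toy returns `["delete_record"]`: flipping either salary rule changes read_salary's outcome (the mutants are killed), while no mutation of the record rules affects delete_record.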