Detecting Incorrect Uses of Combining Algorithms in XACML 3.0 Policies

With the increasing complexity of software, new access control methods have emerged to deal with attribute-based authorization. As a standard language for specifying attribute-based access control ...
