Towards automatic repair of access control policies

Access control policies written in the XACML standard language tend to be complex due to the great variety of attribute types and operations for fine-grained access control. The complexity not only increases the likelihood of having authorization faults in access control policies, but also makes it challenging to find and fix these faults. This paper presents an approach for automating the process of debugging XACML policies. It consists of two main techniques: fault localization and mutation-based policy repair. Fault localization aims to find the most suspicious policy elements according to the correlation between the execution information of policy elements and the test execution results. Mutation-based policy repair aims to modify the suspicious policy elements by using well-defined mutation operators. Our empirical studies have used a large number of faulty policies with one or two seeded faults. Our approach was able to repair all of them automatically. We have also compared several scoring methods for ranking suspicious policy elements. The results show that Naish2 and CBI-Inc are very efficient for automatic repair.

[1]  Yuen-Tak Yu,et al.  Extending the Theoretical Fault Localization Effectiveness Hierarchy with Empirical Results at Different Code Abstraction Levels , 2014, 2014 IEEE 38th Annual Computer Software and Applications Conference.

[2]  Richard J. Lipton,et al.  Hints on Test Data Selection: Help for the Practicing Programmer , 1978, Computer.

[3]  Francesca Lonetti,et al.  XACMUT: XACML 2.0 Mutants Generator , 2013, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops.

[4]  Tao Xie,et al.  A fault model and mutation testing of access control policies , 2007, WWW '07.

[5]  Guanling Chen,et al.  Automatic XACML requests generation for testing access control policies , 2014, SEKE.

[6]  John T. Stasko,et al.  Visualization of test information to assist fault localization , 2002, ICSE '02.

[7]  Dianxiang Xu,et al.  Fault-Based Testing of Combining Algorithms in XACML3.0 Policies , 2015, SEKE.

[8]  David F. Ferraiolo,et al.  Guide to Attribute Based Access Control (ABAC) Definition and Considerations , 2014 .

[9]  Lionel C. Briand,et al.  Is mutation an appropriate tool for testing experiments? , 2005, ICSE.

[10]  Francesca Lonetti,et al.  Systematic XACML Request Generation for Testing Purposes , 2010, 2010 36th EUROMICRO Conference on Software Engineering and Advanced Applications.

[11]  Francesca Lonetti,et al.  The X-CREATE Framework - A Comparison of XACML Policy Testing Strategies , 2012, WEBIST.

[12]  Robert M. Marmorstein,et al.  Assisted Firewall Policy Repair Using Examples and History , 2007, LISA.

[13]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[14]  Tao Xie,et al.  First step towards automatic correction of firewall policy faults , 2012, TAAS.

[15]  Tao Xie,et al.  Automated Test Generation for Access Control Policies via Change-Impact Analysis , 2007, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007).

[16]  Michael Carl Tschantz,et al.  Verification and change-impact analysis of access-control policies , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[17]  Tao Xie,et al.  Fault Localization for Firewall Policies , 2009, 2009 28th IEEE International Symposium on Reliable Distributed Systems.

[18]  A. Jefferson Offutt,et al.  Investigations of the software testing coupling effect , 1992, TSEM.

[19]  Dianxiang Xu,et al.  Automated Fault Localization of XACML Policies , 2016, SACMAT.

[20]  Francesca Lonetti,et al.  Automatic XACML Requests Generation for Policy Testing , 2012, 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation.

[21]  Michael D. Ernst,et al.  Are mutants a valid substitute for real faults in software testing? , 2014, SIGSOFT FSE.