{"title":"Systematic XACML Request Generation for Testing Purposes","authors":"A. Bertolino, F. Lonetti, E. Marchetti","doi":"10.1109/SEAA.2010.58","DOIUrl":null,"url":null,"abstract":"A widely adopted security mechanism is the specification of access control policies by means of the XACML language. In this paper, we propose a framework, called X-CREATE, for the systematic generation of test inputs (XACML requests). Differently from existing tools, XCREATE exploits the XACML Context Schema. In particular, the tool applies a XML-based methodology (XPT) to systematically produce a set of intermediate instances, covering the XACML Context Schema. Moreover, for request generation, X-CREATE applies a procedure for parsing the policy under test and assigning values to the generated intermediate instances. The aim of the proposed framework is twofold: testing of policy evaluation engines and testing of access control policies. The experimental results show that the fault detection effectiveness of X-CREATE is similar or higher than that of existing approaches.","PeriodicalId":112012,"journal":{"name":"2010 36th EUROMICRO Conference on Software Engineering and Advanced Applications","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"44","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 36th EUROMICRO Conference on Software Engineering and Advanced Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SEAA.2010.58","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 44
Abstract
A widely adopted security mechanism is the specification of access control policies by means of the XACML language. In this paper, we propose a framework, called X-CREATE, for the systematic generation of test inputs (XACML requests). Unlike existing tools, X-CREATE exploits the XACML Context Schema. In particular, the tool applies an XML-based methodology (XPT) to systematically produce a set of intermediate instances, covering the XACML Context Schema. Moreover, for request generation, X-CREATE applies a procedure for parsing the policy under test and assigning values to the generated intermediate instances. The aim of the proposed framework is twofold: testing of policy evaluation engines and testing of access control policies. The experimental results show that the fault detection effectiveness of X-CREATE is similar to or higher than that of existing approaches.