Computer Science Department, University of Pisa, 56127 Pisa, Italy.
ISTI-CNR, 56124 Pisa, Italy.
Sensors (Basel). 2022 Apr 13;22(8):2984. doi: 10.3390/s22082984.
Access control systems are a security mechanism for regulating access to system resources, and XACML is the standard language for specifying, storing and deploying access control policies. The verbosity and complexity of XACML syntax, together with the natural language semantics provided by the standard, make the verification and testing of these policies difficult and error-prone. In the literature, analysis techniques and formalizations of access control languages are provided for verifiability and testability purposes. This paper provides three contributions: it provides a comprehensive formal specification of XACML 3.0 policy elements; it leverages the existing policy coverage criteria, making them suitable for XACML 3.0; and it introduces a new set of coverage criteria to better focus the testing activities on the peculiarities of XACML 3.0. The application of the proposed coverage criteria to a policy example is described, and hints for future research directions are discussed.