On-line tracing of XACML-based policy coverage criteria

作     者：Lonetti, Francesca Marchetti, Eda 

作者机构：CNR Ist Sci & Tecnol Informaz A Faedo Via G Moruzzi 1 I-56124 Pisa Italy 

出 版 物：《IET SOFTWARE》 (IET软件)

年 卷 期：2018年第12卷第6期

页      面：480-488页

核心收录：

学科分类：0808[工学-电气工程] 08[工学] 0835[工学-软件工程] 

基　　金：GAUSS national research project (MIUR) [2015KWREMX] 

主　　题：authorisation XML program testing eXtensible Access Control Markup Language coverage criterion selection on-line tracing access control policies XACML-based policy coverage criteria test strategies assessment 

摘      要：Currently, eXtensible Access Control Markup Language (XACML) has becoming the standard for implementing access control policies and consequently more attention is dedicated to testing the correctness of XACML policies. In particular, coverage measures can be adopted for assessing test strategy effectiveness in exercising the policy elements. This study introduces a set of XACML coverage criteria and describes the access control infrastructure, based on a monitor engine, enabling the coverage criterion selection and the on-line tracing of the testing activity. Examples of infrastructure usage and of assessment of different test strategies are provided.