an automated model based test oracle for access control
play

An Automated Model-based Test Oracle for Access Control Systems - PowerPoint PPT Presentation

Oct 20, 2022 •138 likes •459 views

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said Daoudagh 1,2 , Francesca Lonetti 1 , Eda Marchetti 1 1 ISTI-CNR 2 University of Pisa Agenda Introduction Access Control Systems XACML policies

  1. An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said Daoudagh 1,2 , Francesca Lonetti 1 , Eda Marchetti 1 1 ISTI-CNR 2 University of Pisa

  2. Agenda Introduction Access Control Systems • XACML policies • XACML testing • XACMET approach XACML oracle • XAC-tree, XAC-graph and XAC-paths • Empirical Evaluation Study 1: OASIS conformance test suite • Study 2: comparison against multiple PDPs • Conclusions and Future Work 2

  3. Introduction Security is a primary concern in modern interconnected distributed software systems It is made of the CIA Triad: Confidentiality • Integrity • Availability • 3

  4. Access control For data and resources security, we need to ensure that only the intended subjects can access them and that these intended users are only given the level of access required to accomplish their tasks. An access control system provides a decision to an authorization request, typically based on predefined policies POLICY RESPONSE REQUEST Access Control 4

  5. Defining security policies A security policy states what is and what is not allowed 5

  6. XACML Standard eXtensible Access Control Markup Language www.oasis-open.org v XACML is the OASIS standard for specifying Access Control Policy v It is a general-purpose language for access control policies. It provides an XML-based syntax for managing access to resources 6

  7. XACML languages 7

  8. XACML policy example <Policy RuleCombiningAlgId="deny-overrides" PolicyId="policyExample"> <Target></Target> <Rule RuleId="rule1" Effect="Deny"> <Target> <Resource> <AttributeValue >documentEntry</AttributeValue> </Resource> <Action> <AttributeValue >Write</AttributeValue> </ Action > </Target> </Rule> <Rule RuleId="rule2" Effect="Permit"> <Target> <Subject> <AttributeValue >Julius</AttributeValue> </Resource> < Resource > <AttributeValue >book</AttributeValue> </ Resource > </Target> </Rule> </Policy> 8

  9. XACML policy example <Policy RuleCombiningAlgId="deny-overrides" PolicyId="policyExample"> <Target></Target> <Rule RuleId="rule1" Effect="Deny"> <Target> <Resource> Rule1 <AttributeValue >documentEntry</AttributeValue> </Resource> <Action> <AttributeValue >Write</AttributeValue> </ Action > </Target> </Rule> <Rule RuleId="rule2" Effect="Permit"> <Target> <Subject> <AttributeValue >Julius</AttributeValue> </Resource> < Resource > <AttributeValue >book</AttributeValue> </ Resource > </Target> </Rule> </Policy> 9

  10. XACML policy example <Policy RuleCombiningAlgId="deny-overrides" PolicyId="policyExample"> <Target></Target> <Rule RuleId="rule1" Effect="Deny"> <Target> <Resource> Rule1 <AttributeValue >documentEntry</AttributeValue> </Resource> <Action> <AttributeValue >Write</AttributeValue> </ Action > </Target> </Rule> <Rule RuleId="rule2" Effect="Permit"> <Target> Rule2 <Subject> <AttributeValue >Julius</AttributeValue> </Resource> < Resource > <AttributeValue >book</AttributeValue> </ Resource > </Target> </Rule> </Policy> 10

  11. XACML policy example <Policy RuleCombiningAlgId="deny-overrides" PolicyId="policyExample"> <Target></Target> <Rule RuleId="rule1" Effect="Deny"> <Target> <Resource> Rule1 <AttributeValue >documentEntry</AttributeValue> </Resource> <Action> Target <AttributeValue >Write</AttributeValue> </ Action > </Target> </Rule> <Rule RuleId="rule2" Effect="Permit"> <Target> Rule2 <Subject> <AttributeValue >Julius</AttributeValue> </Resource> < Resource > Target <AttributeValue >book</AttributeValue> </ Resource > </Target> </Rule> </Policy> 11

  12. XACML architecture 12

  13. XACML architecture evaluates applicable policy and returns an authorization decision 13

  14. How do we validate the access control system? XACML properties of interoperability, extensibility, distribution are paid in terms of complexity and verbosity Policies can be deceiving and need to be carefully tested 14

  15. Two testing purposes Testing the policies ß vs. à Testing the PDP SUT POLICIES POLICIES TEST SUITE TEST SUITE PDP PDP SUT REPLY REPLY 15

  16. Two testing purposes Testing the policies ß vs. à Testing the PDP POLICIES TEST SUITE PDP SUT REPLY 16

  17. Motivation Several proposals for automating PDP testing, including: Mutation; • Coverage; • Random; • Combinatorial; • Model-based techniques. • They all share an important drawback: the lack of the oracle i.e., for the generated requests the expected PDP decision is not • provided; an important limitation, especially when test suites are large and • manual inspection of results is unfeasible. 17

  18. XACML oracle Given a generic request, the result of the evaluation of an XACML policy with that request depends on: • the request values; • the policy constraints; • as well as the combining algorithm that prioritizes the evaluation of the policy rules.

  19. XACMET XACML Modeling & Testing XACML Policy Expected XACMET Decision XACML Request 19

  20. XACMET oracle derivation 1. The XACML policy is represented as a XAC-Tree 2. The XAC-Tree is transformed into a XAC-Graph 3. The paths over the XAC-Graph are derived 4. For each path, a verdict (the oracle) is obtained 20

  21. XAC-Tree example 21

  22. XAC-Graph 22

  23. Two examples of XAC-Paths

  24. Evaluation We conducted two studies: 1. Compliance with XACML conformance test suite 2. Comparison against one BB existing approach: Nuo Li, JeeHyun Hwang, and Tao Xie. 2008. Multiple- implementation testing for XACML implementations. TAV- WEB '08 24

  25. Study 1 For each test case, we derived XAC-Graph associated to • the XACML policy and an ordered set of paths. Then, we evaluated the XACML request against the • obtained set of paths, we identified the first covered path and derived the verdict associated to that path. Finally, we compared this verdict with the decision value • specified in the response belonging to the test case. 25

  26. Study 1 XACML Policy Functionality XACML Request #Policy #Rule #Cond #Sub #Res #Act #Funct Conformance Test Suite XACML Policies II A (90 %) 18 18 12 18 8 16 112 18 II B (100 %) 53 53 6 51 50 98 410 53 II C (10 %) 22 22 22 18 3 1 102 22 II D (17 %) 5 13 7 13 - - 60 5 A Conformance Test Case consists of three elements : XACML policy , XACML request , and XACML response We focused on the subset of tests implementing the mandatory functionalities For all tests, the XACMET verdict coincided with the expected access decision. 26

  27. Study 2 27

  28. Study 2 XACML Policy Functionality XACML Request # Policy #Rule #Cond #Sub #Res #Act #Funct Real world XACML Policies 1 6 5 3 3 0 4 8 2_73020419964_2 1 3 2 1 2 1 3 5 create-document 1 3 2 2 3 2 4 13 demo-5 1 3 2 2 3 1 5 8 demo-11 1 2 1 1 3 1 4 16 demo-26 1 4 3 2 4 1 3 6 read-document 1 2 1 0 2 1 2 4 read-informationunit 1 4 3 2 4 1 3 6 read-patient 1 3 0 24 3 3 2 18 Xacml-Nottingham-1 For all requests the XACMET oracle verdict coincided with the one from the multiple PDPs 28

  29. Conclusions Ø We have introduced a novel model-based approach to automatic generation of XACML oracle for testing policy evaluation engines. Ø The XACMET approach fully automatically derives a verdict for each XACML request by considering the expected behavior of the PDP. Ø Experimental results so far evidence the effectiveness of our proposal with respect to the oracle provided in the XACML conformance tests. 29

  30. Future Work Ø We plan to extend our automated oracle in order to consider more functionalities of the XACML conformance policies Ø The XACMET approach is being extended to be compliant with the latest version of the XACML standard Ø The XACMET approach can also be used for (not shown here): Ø Automatically generating a test suite Ø Measuring the coverage over the XAC-Graph Ø Future work will also include further experimentation of XACMET, and its comparison with other model-based approaches. 30

  31. Thank you for your attention! Antonia Bertolino, Said Daoudagh, Francesca Lonetti, Eda Marchetti: An Automated Model-based Test Oracle for Access Control Systems . AST@ICSE, Gothenburg, Sweden. May 28-29, 2018. For XACMET details please contact: said.daoudagh@di.unipi.it

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Model-Based Testing: Automated Generation of Test Cases, Test Data, and Test Procedures from

Model-Based Testing: Automated Generation of Test Cases, Test Data, and Test Procedures from

Model-Based Testing: Automated Generation of Test Cases, Test Data, and Test Procedures from SysML Models Jrg Brauer and Jan Peleska Verified Systems International GmbH support@verified.de Space Tech Expo Europe 2015-11-19 Motivation

499 views • 26 slides
Automated Test and Re-Test (ATRT) Model-Based Testing (MBT) of Integrated Aviation Mission Systems

Automated Test and Re-Test (ATRT) Model-Based Testing (MBT) of Integrated Aviation Mission Systems

Automated Test and Re-Test (ATRT) Model-Based Testing (MBT) of Integrated Aviation Mission Systems Develop a software tool that will check instrumentation data collected from an integrated mission system to see if the observed system behaviors

475 views • 10 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Robustness of model-based control Emo Todorov Roboti LLC University of Washington Model-based

Robustness of model-based control Emo Todorov Roboti LLC University of Washington Model-based

Robustness of model-based control Emo Todorov Roboti LLC University of Washington Model-based control already works on complex dynamical systems Abbeel et al, IJRR 2010 nominal model physics model predictive control Williams et al, ICRA

251 views • 10 slides
Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford University Random Oracle Model (ROM) Sometimes, we cant prove a scheme secure in the standard model. Instead, model a hash function as a

509 views • 38 slides
Combined Static and Dynamic Automated Test Generation Sai Zhang University of Washington Joint

Combined Static and Dynamic Automated Test Generation Sai Zhang University of Washington Joint

Combined Static and Dynamic Automated Test Generation Sai Zhang University of Washington Joint work with: David Saff, Yingyi Bu, Michael D. Ernst 1 Unit Testing for Object-oriented Programs Unit test = sequence of method calls + testing oracle

1.38k views • 43 slides
HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control Sylvia L. Osborn

HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control Sylvia L. Osborn

HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control Sylvia L. Osborn Daniel Servos sylvia@csd.uwo.ca dservos5@uwo.ca Department of Computer Science The 7th International Symposium on Foundations &amp; Practice of

1.05k views • 49 slides
Access Control Enforcement Access Control Enforcement for Conversation- -based based for

Access Control Enforcement Access Control Enforcement for Conversation- -based based for

The Cyber Center The Cyber Center Access Control Enforcement Access Control Enforcement for Conversation- -based based for Conversation Web Services Web Services Massimo Mecella * Mourad Ouzzani Univ. Roma LA SAPIENZA, Italy Purdue

375 views • 26 slides
Automated test of the AMG Speedshift DCT control software M. Tatar QTronic GmbH, Berlin R.

Automated test of the AMG Speedshift DCT control software M. Tatar QTronic GmbH, Berlin R.

Automated test of the AMG Speedshift DCT control software M. Tatar QTronic GmbH, Berlin R. Schaich, T. Breitinger Mercedes-AMG GmbH, Affalterbach 9 th International CTI Symposium Berlin, 2010 Outline Motivation Principle of the scenario

204 views • 18 slides
Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of security administration p y y For large number of subjects and objects, the number of authorizations can become extremely large For dynamic

536 views • 51 slides
April 3: Access Control Matrix Overview Access Control Matrix Model Boolean Expression

April 3: Access Control Matrix Overview Access Control Matrix Model Boolean Expression

April 3: Access Control Matrix Overview Access Control Matrix Model Boolean Expression Evaluation History April 3, 2017 ECS 235B Spring Quarter 2017 Slide #1 Overview Protection state of system Describes current settings,

310 views • 13 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
Overview Access control lists Capability lists Locks and keys Rings-based

Overview Access control lists Capability lists Locks and keys Rings-based

Overview Access control lists Capability lists Locks and keys Rings-based access control Propagated access control lists May 31, 2005 ECS 235, Computer and Information Slide #1 Security Access Control Lists Columns

1.24k views • 80 slides
Presentation Objectives Test coverage concepts Advantages of automated test coverage

Presentation Objectives Test coverage concepts Advantages of automated test coverage

Automated Test Coverage: Take Your Test Suites To the Next Level Presented By Jay Berkenbilt Apex CoVantage Solving the Software Quality Puzzle Page 1 www.psqtconference.com D Presentation Objectives Test coverage

412 views • 29 slides
Improving Automation in Developer Testing: Test Oracles Tao Xie Department of Computer Science

Improving Automation in Developer Testing: Test Oracles Tao Xie Department of Computer Science

Improving Automation in Developer Testing: Test Oracles Tao Xie Department of Computer Science North Carolina State University http://ase.csc.ncsu.edu/ http://ase.csc.ncsu.edu/autotest/ Software Testing Setup ? = + Expected Test

411 views • 25 slides
ACTUARIES &amp; DATA SCIENCE Jerome Tuttle, FCAS, CPCU Retired Actuary 1 What i is an

ACTUARIES &amp; DATA SCIENCE Jerome Tuttle, FCAS, CPCU Retired Actuary 1 What i is an

ACTUARIES &amp; DATA SCIENCE Jerome Tuttle, FCAS, CPCU Retired Actuary 1 What i is an an act actuar ary? The m mathematicia icians ns o of the i insurance ce i industry. A business p professiona nal who wh

757 views • 17 slides
Testing Why bother? Professor Larry Heimann Carnegie Mellon University Information Systems

Testing Why bother? Professor Larry Heimann Carnegie Mellon University Information Systems

Testing Why bother? Professor Larry Heimann Carnegie Mellon University Information Systems Program Why do testing? Comic of the Day... Class example: romanic_testing Get the code at https://github.com/profh/romanic_testing Unit testing

153 views • 11 slides
The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of Cambridge Joint work of Jade Alglave, Mark Batty, Luc Maranget, Robin Morisset, Justus Matthiesen, Kayvan Memarian, Paul McKenney, Scott Owens, Pankaj

515 views • 36 slides
Test Oracles and Randomness S I T R T E V U I N L M U O S C D I N E

Test Oracles and Randomness S I T R T E V U I N L M U O S C D I N E

Test Oracles and Randomness S I T R T E V U I N L M U O S C D I N E A N R D U O C D O O D C N E Ralph Guderlei and Johannes Mayer rjg@mathematik.uni-ulm.de, jmayer@mathematik.uni-ulm.de

627 views • 40 slides
Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM

Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM

Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM ELKARABLIEH, YAI O. LALEYE, SARFRAZ KHURSHID ASE08 PRESENTED BY: YUSHAN ZHANG 1 http://ieeexplore.ieee.org/document/4639327/ 2020/10/8 Blackbox

434 views • 18 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4a due Thursday at 11:59 p.m.

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4a due Thursday at 11:59 p.m.

Principles of Software Construction: Objects, Design, and Concurrency Invariants, immutability, and testing Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4a due Thursday at 11:59 p.m. Mandatory design review meeting

1.02k views • 63 slides
Osmocom TTCN-3 Test Suites Harald Welte &lt;laforge@gnumonks.org&gt; Osmocom TTCN-3 Test Suites

Osmocom TTCN-3 Test Suites Harald Welte &lt;laforge@gnumonks.org&gt; Osmocom TTCN-3 Test Suites

Osmocom TTCN-3 Test Suites Harald Welte &lt;laforge@gnumonks.org&gt; Osmocom TTCN-3 Test Suites developed in 2017+2018 compiled using Eclipse TITAN uses just a command-line compiler + Makefiles no IDE needed at all, dont let Eclipse fool you

805 views • 21 slides

More recommend