Abstract
The implementation of an authorization system is a critical and error-prone activity that requires a careful verification and testing process. As a matter of fact, errors in the authorization system code could grant accesses that should instead be denied, thus jeopardizing the security of the protected system. In this paper, we address the testing of the implementation of the Policy Decision Point (PDP) within the PolPA authorization system that enables history-based and usage-based control of accesses. Accordingly, we propose two testing strategies specifically conceived for validating the history-based access control and the usage control functionalities of the PolPA PDP. The former is based on a fault model able to highlight the problems and vulnerabilities that could occur during the PDP implementation. The latter combines the standard technique for conditions coverage with a methodology for simulating the continuous control of the PDP during the runtime execution. Both strategies are implemented within a testing framework supporting the automatic generation and execution of security test suites. Results produced by the application of this testing framework to a real case study are presented.
Notes
Where the dot represents the seq composition operator.
Note that the term condition in this section does not refer to the environment conditions specified in the UCON model.
Indeed, in this evaluation we suppose that the correctness of these PDP replies has been validated during a previously executed phase of history-based testing.
Note that the same error was also detected in a previous experiment described in (Bertolino et al. 2012).
Abbreviations
- AC(RA): AfterCondition(revokeaccess(s, o, r))
- BC(RA): BeforeCondition(revokeaccess(s, o, r))
- CC: Change Command
- CCO: Change Composition Operator
- CGIO: Change Guard Integer Operator
- CGSO: Change Guard String Operator
- CLO: Change Logical Operator
- DC(RA): DuringCondition(revokeaccess(s, o, r))
- FMM: Fault Model Manager
- FPG: Faulty Policies Generator
- MA(RA): MultipleAfter(revokeaccess(s, o, r))
- MAU: Mutable Attribute Updater
- MB(RA): MultipleBefore(revokeaccess(s, o, r))
- MCC: Multiple Condition Coverage
- MCD: Multiple Coverage Domain
- MD(RA): MultipleDuring(revokeaccess(s, o, r))
- PAP: Policy Administration Point
- PDP: Policy Decision Point
- PEP: Policy Enforcement Point
- PIP: Policy Information Point
- PTSM: Policy Test Set Manager
- SUT: System Under Test
- TCG: Test Case Generator
- TD: Test Driver
- TO: Test Oracle
- UCON: Usage Control
References
Bailey, C. (2012). Application of self-adaptive techniques to federated authorization models. In Proceedings of 34th international conference on software engineering (ICSE), (pp. 1495–1498).
Bertolino, A., Daoudagh, S., Lonetti, F., & Marchetti, E. (2012). Automatic XACML requests generation for policy testing. In Proceedings of fourth IEEE international workshop on security testing (associated with ICST 2012), (pp. 842–849).
Bertolino, A., Daoudagh, S., Lonetti, F., & Marchetti, E. (2013). XACMUT: XACML 2.0 mutants generator. In Proceedings of 8th international workshop on mutation analysis (associated with ICST 2013).
Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E., Martinelli, F., & Mori, P. (2012). Testing of PolPA authorization systems. In Proceedings of 7th international workshop on automation of software test (associated with ICSE 2012), (pp. 8–14).
Bertolino, A., Lonetti, F., & Marchetti, E. (2010). Systematic XACML request generation for testing purposes. In Proceedings of 36th EUROMICRO conference on software engineering and advanced applications (SEAA), (pp. 3–11).
Büchler, M., Oudinet, J., & Pretschner, A. (2011). Security mutants for property-based testing. In Proceedings of 5th international conference on tests and proofs (TAP), (pp. 69–77).
Castrucci, A., Martinelli, F., Mori, P., & Roperti, F. (2008). Enhancing Java ME security support with resource usage monitoring. In Proceedings of information and communications security, Lecture Notes in Computer Science, vol. 5308, (pp. 256–266).
Colombo, M., Lazouski, A., Martinelli, F., & Mori, P. (2010). A proposal on enhancing XACML with continuous usage control features. In Proceedings of CoreGRID ERCIM working group workshop on grids, P2P and Services Computing, (pp. 133–146). Springer.
Colombo, M., Martinelli, F., Mori, P., Martini, B., Gharbaoui, M., & Castoldi, P. (2011). Extending resource access in multi-provider networks using trust management. International Journal of Computer Networks & Communications (IJCNC), 3(3), 133–147.
Jia, Y., & Harman, M. (2011). An analysis and survey of the development of mutation testing. IEEE Transactions on Software Engineering, 37(5), 649–678.
Martin, E., & Xie, T. (2006). Automated test generation for access control policies. In Supplemental Proceedings of 17th international symposium on software reliability engineering (ISSRE).
Martin, E., & Xie, T. (2007a). A fault model and mutation testing of access control policies. In Proceedings of 16th international conference on World Wide Web (WWW), (pp. 667–676).
Martin, E., & Xie, T. (2007b). Automated test generation for access control policies via change-impact analysis. In Proceedings of third international workshop on software engineering for secure systems (SESS), (pp. 5–12).
Martinelli, F., & Mori, P. (2010). On usage control for grid systems. Future Generation Computer Systems, 26(7), 1032–1042.
Mathur, A.P. (2008). Foundations of software testing, 1st edn. Pearson Education, Upper Saddle River.
Mouelhi, T., Fleurey, F., & Baudry, B. (2008). A generic metamodel for security policies mutation. In Proceedings of software testing verification and validation workshop (ICSTW), (pp. 278–286).
Nyre, A. A. (2011). Usage control enforcement-a survey. Availability, Reliability and Security for Business, Enterprise and Health Information Systems, pp. 38–49.
Petrenko, A. (2001). Fault model-driven test derivation from finite state models: Annotated bibliography. In Proceedings of the 4th summer school on modeling and verification of parallel processes, (pp. 196–205).
Pretschner, A., Mouelhi, T., & Le Traon, Y. (2008). Model-based tests for access control policies. In Proceedings of international conference on software testing, verification, and validation (ICST), (pp. 338–347).
Sandhu, R., & Park, J. (2004). The UCON ABC usage control model. ACM Transactions on Information and System Security, 7(1), 128–174.
Shan, L., & Zhu, H. (2007). Generating structurally complex test cases by data mutation: A case study of testing an automated modelling tool. Comp. Jour., 52, 571–588.
Zhang, X., Parisi-Presicce, F., & Sandhu, R. (2005). Formal model and policy specification of usage control. ACM Transactions on Information and System Security, 8(4), 351–387.
Acknowledgment
This work has been partially funded by the Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS) FP7 Project contract n. 256980.
Cite this article
Bertolino, A., Daoudagh, S., Lonetti, F. et al. Testing of PolPA-based usage control systems. Software Qual J 22, 241–271 (2014). https://doi.org/10.1007/s11219-013-9216-0
DOI: https://doi.org/10.1007/s11219-013-9216-0