Advances in Computers

Volume 99, 2015, Pages 195-222
Chapter Five - Inroads in Testing Access Control

https://doi.org/10.1016/bs.adcom.2015.04.003

Abstract

In the last few years, a plethora of research has addressed security testing issues, and several commercial tools have emerged to provide security testing services. Software security testing goes beyond functional testing to reveal flaws and vulnerabilities in software design and behavior. Access control is a major pillar of computer security. This chapter describes the landscape of the research area of access control testing. We outline the existing research in the literature according to a taxonomy that reflects the phases of common software testing processes (generation, selection, prioritization, quality assessment, regression). We also outline some existing initiatives that support usage control, in addition to access control, by testing obligation policies. Finally, we point out future research directions that emerge from the current research study. Through this work, we aim to provide useful guidelines for software testers to improve the current trends in access control testing.

Introduction

Software security is a major concern in building trustworthy software systems. In the last decades, we have witnessed increasing interest in the security testing research area. Several researchers have explored this topic by providing new solutions in terms of security modeling, security feature development, and the specification and implementation of the security mechanisms that have to be embedded in software systems. In parallel with the emergence of security concerns, security testing has also gained considerable interest, as it has to be developed jointly with software security hardening. It is crucial to guarantee that the security mechanisms in place are correctly implemented. Testing these security mechanisms is very important in order to avoid ending up with security flaws inside the system or the application.

Access control is one of the major and most critical security mechanisms. It ensures that only eligible users are able to access protected resources in a given system. This book chapter explores the landscape of access control testing and shows advances in access control testing approaches.

We start by providing recent advances in access control testing by surveying recent contributions in this research domain. We present the research contributions according to how they fit in a given research process. In a nutshell, the process of testing access control implemented in a given system or application follows the different steps highlighted in Fig. 1. The first and the most important step aims at generating a set of test cases that have to be exercised on the system under test.

Based on real-world applications, a large number of test cases are generated. Due to budget, time, and resource constraints, testers have to choose which of the generated tests to run. The subset of test cases to be run is defined based on business-related criteria according to the available budget, computing resources, and the time allocated to testing. Commonly, there are two options: either selecting a fixed number of tests or ordering (prioritizing) tests. When prioritizing tests, the tests that have the highest priority are executed first, until the resources available for testing, such as time or budget, are consumed. Finally, once tests are executed and their verdict is checked, we need to assess the quality of these tests to provide a guarantee that the test suite is of high quality. Test assessment also makes it possible to evaluate the fault-detection capability of test cases. This book chapter first goes through the overall testing process by providing a detailed description of existing research contributions that aim at generating, selecting, prioritizing, and assessing test cases. Second, we provide an overall view of international projects that have tackled security testing and of the emerging commercial products for security testing.

Third, we describe ongoing research that extends the work on access control testing to encompass usage control testing.

We conclude this chapter by discussing the main security testing challenges that are worth exploring in the near future. The remainder of this chapter is organized as follows. In Section 2, we give an overview of access control concepts and mechanisms, focusing on the XACML policy model. In Section 3, we go through the different approaches for access control testing, classified by test target. Section 4 outlines the research proposals in each step of common testing processes. Section 5 gives an overview of usage control testing. Section 6 discusses future research challenges, and finally Section 7 concludes this work.

Section snippets

Access Control

In the last few years, XACML (eXtensible Access Control Markup Language) has gained momentum as a standard to develop security solutions. In this section, we introduce key concepts related to access control, XACML architecture, and policy language.

Test Targets When Testing Access Control

The XACML policy specification language defines access control policies in an XML format and defines a standardized way to exchange requests and responses. It relies on an abstract architecture consisting of abstract components that interact with each other to handle a decision-making process. XACML relies on a standardized encoding, which makes it possible to encode a policy independently of the underlying platform and thus makes it interoperable with heterogeneous platforms. In XACML architecture, the policy

Access Control Testing

Access control testing [22] is based on the evaluation of actual access control responses against expected responses. Test inputs are access control requests that are evaluated by the PDP against the access control policy. The test outputs are the authorization responses, which testers compare against the authorization responses they expect. In what follows, we revisit recent advances in the main building blocks of access control testing by starting with test qualification, then test
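The request/expected-response oracle described in this snippet, and the mutation-based test qualification the chapter goes on to discuss, can be sketched as follows. This is an added example, not code from the chapter: the policy model is a simplified stand-in for XACML (attribute-matching rules with first-applicable combining), the two mutation operators are illustrative, and all names and sample data are constructed.

```python
# Added example: a simplified attribute-matching policy model, not XACML syntax.
from dataclasses import dataclass, replace

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass(frozen=True)
class Rule:
    effect: str
    target: dict  # attribute -> required value; an empty target matches any request

def pdp(policy, request):
    """First-applicable combining: the first rule whose target matches decides."""
    for rule in policy:
        if all(request.get(k) == v for k, v in rule.target.items()):
            return rule.effect
    return NOT_APPLICABLE

# Constructed sample policy (hypothetical library system).
POLICY = [
    Rule(PERMIT, {"role": "librarian", "action": "modify", "resource": "catalog"}),
    Rule(PERMIT, {"action": "read", "resource": "catalog"}),
    Rule(DENY, {}),
]

# Test suite: each test is (request, expected decision), the oracle.
TESTS = [
    ({"role": "librarian", "action": "modify", "resource": "catalog"}, PERMIT),
    ({"role": "student", "action": "read", "resource": "catalog"}, PERMIT),
    ({"role": "student", "action": "modify", "resource": "catalog"}, DENY),
]

def run_suite(policy, tests):
    """Return the failing tests as (request, expected, actual) tuples."""
    results = [(req, exp, pdp(policy, req)) for req, exp in tests]
    return [r for r in results if r[1] != r[2]]

def mutants(policy):
    """Seed one fault per mutant: flip a rule's effect, or remove a rule."""
    for i, rule in enumerate(policy):
        flipped = replace(rule, effect=DENY if rule.effect == PERMIT else PERMIT)
        yield f"flip-effect[{i}]", policy[:i] + [flipped] + policy[i + 1:]
        yield f"remove-rule[{i}]", policy[:i] + policy[i + 1:]

def mutation_analysis(policy, tests):
    """Split mutants into killed (some test fails) and live (suite still passes)."""
    killed, live = [], []
    for label, mutant in mutants(policy):
        (killed if run_suite(mutant, tests) else live).append(label)
    return killed, live
```

Running `mutation_analysis(POLICY, TESTS[:2])` drops the only test that expects a Deny, and both mutants of the default-deny rule then survive, which is the kind of gap in a test suite that mutation analysis is meant to expose.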

Usage Control Testing

Even though research in access control testing has been quite active in the last few years, there is still a major effort to be made to improve usage control testing. Rubab et al. [46] have initiated this effort by developing a model-based approach for usage control testing. Their approach is based on an obligations profile that extends the concepts of UML Class and State Machine Diagrams. They have used the Object Constraint Language to define constraints on the obligations profile. The profile

Discussion

Even though the domain of access testing has been widely explored in the last few years, there is still considerable room for research to tackle the current limitations and challenges in this research area. These limitations and challenges are the following:

Conclusion

This book chapter presented a detailed summary of existing approaches tackling access control testing. It has focused on testing XACML policies and showed the different components of XACML policy testing, namely, the automated test generation approaches, test selection and prioritization approaches, and finally test qualification and assessment based on mutation analysis. This area of research has been very active during the last decade and researchers made significant progress and

Acknowledgments

We would like to thank itrust consulting staff for their help in proofreading this book chapter and their help in providing feedback and comments, especially in the discussion part.

In addition, we would like to thank the members of the SerVal research group, from the University of Luxembourg, for their help, comments, and interesting inputs that helped us in improving the contents of this book chapter.

Dr. Tejeddine Mouelhi is currently a senior security researcher at itrust consulting. Prior to that, he was a research associate at the University of Luxembourg for 4 years. He was involved in the Dynosoar project, focusing on access control testing and modeling. He holds a PhD degree in Computer Science. His PhD subject was about “Testing and Modeling Security Mechanisms in Web Applications.”

References (48)

  • A. Bertolino et al. Similarity testing for access control. Inf. Softw. Technol. (2015)
  • P. Samarati et al. Access control: policies, models, and mechanisms
  • F. Siewe et al. A compositional framework for access control policies enforcement
  • J. Ligatti et al. Edit automata: enforcement mechanisms for run-time security policies. Int. J. Inf. Secur. (2005)
  • N. Damianou et al. The ponder policy specification language
  • D.F. Ferraiolo et al. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (2001)
  • D.E. Bell et al. Secure Computer System: Unified Exposition and Multics Interpretation (No. MTR-2997-REV-1) (1976)
  • B. Lampson. Protection
  • A.A.E. Kalam et al. Organization based access control
  • P. Ashley, S. Hada, G. Karjoth, C. Powers, M. Schunter, 2003, Enterprise privacy authorization language (EPAL 1.2),...
  • A. Pretschner et al. Distributed usage control. Commun. ACM (2006)
  • J. Park et al. Towards usage control models: beyond traditional access control
  • M. Hilty et al. On obligations
  • X. Zhang, Formal model and analysis of usage control, Ph.D. thesis,...
  • N.H. Minsky et al. Ensuring integrity by adding obligations to privileges
  • K. Irwin et al. On the modeling and analysis of obligations
  • J. Park et al. Towards usage control models: beyond traditional access control
  • J. Park et al. The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. (2004)
  • C. Danwei et al. Access control of cloud service based on ucon
  • E. Martin. Testing and analysis of access control policies
  • T. Mouelhi et al. Transforming and selecting functional test cases for security policy testing
  • S. Daoudagh et al. A toolchain for model-based design and testing of access control systems
  • J.H. Hwang et al. Testing access control policies
  • E. Martin et al. A fault model and mutation testing of access control policies

Prof. Dr. Yves Le Traon is a professor at University of Luxembourg, in the Faculty of Science, Technology and Communication (FSTC). His domains of expertise are related to software engineering and software security, with a focus on software testing and model-driven engineering. He received his engineering degree and his PhD in Computer Science at the “Institut National Polytechnique” in Grenoble, France, in 1997. From 1998 to 2004, he was an associate professor at the University of Rennes, in Brittany, France. During this period, Professor Le Traon studied design for testability techniques, validation, and diagnosis of object-oriented programs and component-based systems. From 2004 to 2006, he was an expert in Model-Driven Architecture and Validation in the EXA team (Requirements Engineering and Applications) at “France Télécom R&D” company. In 2006, he became professor at Telecom Bretagne (Ecole Nationale des Télécommunications de Bretagne) where he pioneered the application of testing for security assessment of Web applications, P2P systems, and the promotion of intrusion detection systems using contract-based techniques.

He is currently the head of the Computer Science Research Unit at University of Luxembourg. He is a member of the Interdisciplinary Centre for Security, Reliability and Trust (SnT), where he leads the research group SERVAL (SEcurity Reasoning and VALidation). His research interests include software testing, model-driven engineering, model-based testing, evolutionary algorithms, software security, security policies, and Android security. The current key topics he explores are related to Internet of Things (IoT) and Cyber-Physical Systems (CPS), Big Data (stress testing, multiobjective optimization, analytics, [email protected]), and mobile security and reliability. He is author of more than 140 publications in international peer-reviewed conferences and journals.

Dr. Donia El Kateb is a research associate in the Interdisciplinary Centre for Security, Reliability and Trust (SnT). She obtained her Computer Science Engineering degree at ENSI (National School of Computer Sciences) in Tunisia in 2005. She worked 4 years at the National Digital Certification Agency in Tunisia as a security engineer. She received her PhD in Computer Science at the University of Luxembourg in 2015. Her research interests span multiobjective optimization, software engineering, and security.