DOI: 10.5555/2662413.2662428
research-article

Access control enforcement testing

Published: 18 May 2013 Publication History

Abstract

A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are modules that intercept subjects' access requests and enforce the access decision reached by a Policy Decision Point (PDP), the module implementing the access decision logic. In applications, PEPs are generally implemented manually, which can introduce errors in policy enforcement and lead to security vulnerabilities. In this paper, we propose an approach to systematically test and validate the correct enforcement of access control policies in a given target application. More specifically, we rely on a two-fold approach in which a static analysis of the target application is first performed to identify the sensitive accesses that could be regulated by the policy. A dynamic analysis of the application is then conducted using mutation to verify, for every sensitive access, whether the policy is correctly enforced. The dynamic analysis also gives the exact location of the PEP, which makes it possible to fix the enforcement errors detected by the analysis. The approach has been validated using a case study implementing an access control policy.


Published In

AST '13: Proceedings of the 8th International Workshop on Automation of Software Test
May 2013
155 pages
ISBN:9781467361613

Publisher

IEEE Press

Author Tags

  1. PDP
  2. PEP
  3. access control policies
  4. security test cases

Qualifiers

  • Research-article

Conference

ICSE '13
ICSE '13: 35th International Conference on Software Engineering
May 18 - 19, 2013
California, San Francisco
