
An Automated Model-based Test Oracle for Access Control Systems - PowerPoint PPT Presentation



  1. An Automated Model-based Test Oracle for Access Control Systems
     Antonia Bertolino (1), Said Daoudagh (1,2), Francesca Lonetti (1), Eda Marchetti (1)
     (1) ISTI-CNR, (2) University of Pisa

  2. Agenda
     Introduction
       • Access Control Systems
       • XACML policies
       • XACML testing
     XACMET approach
       • XACML oracle
       • XAC-tree, XAC-graph and XAC-paths
     Empirical Evaluation
       • Study 1: OASIS conformance test suite
       • Study 2: comparison against multiple PDPs
     Conclusions and Future Work

  3. Introduction
     Security is a primary concern in modern interconnected distributed software systems. It is made of the CIA Triad:
       • Confidentiality
       • Integrity
       • Availability

  4. Access control
     For data and resources security, we need to ensure that only the intended subjects can access them and that these intended users are only given the level of access required to accomplish their tasks. An access control system provides a decision to an authorization request, typically based on predefined policies.
     [Diagram labels: REQUEST, POLICY, Access Control, RESPONSE]

  5. Defining security policies
     A security policy states what is and what is not allowed.

  6. XACML Standard
     eXtensible Access Control Markup Language (www.oasis-open.org)
       • XACML is the OASIS standard for specifying Access Control Policy.
       • It is a general-purpose language for access control policies. It provides an XML-based syntax for managing access to resources.

  7. XACML languages

  8. XACML policy example

     <Policy RuleCombiningAlgId="deny-overrides" PolicyId="policyExample">
       <Target></Target>
       <Rule RuleId="rule1" Effect="Deny">
         <Target>
           <Resource>
             <AttributeValue>documentEntry</AttributeValue>
           </Resource>
           <Action>
             <AttributeValue>Write</AttributeValue>
           </Action>
         </Target>
       </Rule>
       <Rule RuleId="rule2" Effect="Permit">
         <Target>
           <Subject>
             <AttributeValue>Julius</AttributeValue>
           </Subject>
           <Resource>
             <AttributeValue>book</AttributeValue>
           </Resource>
         </Target>
       </Rule>
     </Policy>

  9. XACML policy example (same policy as slide 8; rule1 is labelled "Rule1")

  10. XACML policy example (same policy as slide 8; rule1 and rule2 are labelled "Rule1" and "Rule2")

  11. XACML policy example (same policy as slide 8; in addition, the Target element of each rule is labelled "Target")

  12. XACML architecture

  13. XACML architecture
      The PDP evaluates the applicable policy and returns an authorization decision.

  14. How do we validate the access control system?
      XACML properties of interoperability, extensibility and distribution are paid in terms of complexity and verbosity. Policies can be deceiving and need to be carefully tested.

  15. Two testing purposes
      Testing the policies ← vs. → Testing the PDP
      [Diagram, shown twice: POLICIES, TEST SUITE, PDP, REPLY; on the left the SUT label is on the POLICIES, on the right it is on the PDP]

  16. Two testing purposes
      Testing the policies ← vs. → Testing the PDP
      [Diagram labels: POLICIES, TEST SUITE, PDP (SUT), REPLY]

  17. Motivation
      Several proposals for automating PDP testing, including:
        • Mutation;
        • Coverage;
        • Random;
        • Combinatorial;
        • Model-based techniques.
      They all share an important drawback: the lack of the oracle
        • i.e., for the generated requests the expected PDP decision is not provided;
        • an important limitation, especially when test suites are large and manual inspection of results is unfeasible.

  18. XACML oracle Given a generic request, the result of the evaluation of an XACML policy with that request depends on: • the request values; • the policy constraints; • as well as the combining algorithm that prioritizes the evaluation of the policy rules.

  19. XACMET: XACML Modeling & Testing
      [Diagram labels: XACML Policy, XACML Request, XACMET, Expected Decision]

  20. XACMET oracle derivation
      1. The XACML policy is represented as a XAC-Tree
      2. The XAC-Tree is transformed into a XAC-Graph
      3. The paths over the XAC-Graph are derived
      4. For each path, a verdict (the oracle) is obtained

  21. XAC-Tree example

  22. XAC-Graph

  23. Two examples of XAC-Paths

  24. Evaluation
      We conducted two studies:
      1. Compliance with XACML conformance test suite
      2. Comparison against one BB existing approach: Nuo Li, JeeHyun Hwang, and Tao Xie. 2008. Multiple-implementation testing for XACML implementations. TAV-WEB '08

  25. Study 1
        • For each test case, we derived the XAC-Graph associated to the XACML policy and an ordered set of paths.
        • Then, we evaluated the XACML request against the obtained set of paths, we identified the first covered path and derived the verdict associated to that path.
        • Finally, we compared this verdict with the decision value specified in the response belonging to the test case.

  26. Study 1

      Conformance Test Suite   |          XACML Policy Functionality             | XACML
      XACML Policies           | #Policy #Rule #Cond #Sub #Res #Act #Funct       | Request
      -------------------------+-------------------------------------------------+--------
      II A (90 %)              |   18     18    12    18    8    16    112       |   18
      II B (100 %)             |   53     53     6    51   50    98    410       |   53
      II C (10 %)              |   22     22    22    18    3     1    102       |   22
      II D (17 %)              |    5     13     7    13    -     -     60       |    5

      A Conformance Test Case consists of three elements: XACML policy, XACML request, and XACML response.
      We focused on the subset of tests implementing the mandatory functionalities.
      For all tests, the XACMET verdict coincided with the expected access decision.

  27. Study 2

  28. Study 2

      Real world               |          XACML Policy Functionality             | XACML
      XACML Policies           | #Policy #Rule #Cond #Sub #Res #Act #Funct       | Request
      -------------------------+-------------------------------------------------+--------
      2_73020419964_2          |    1      6     5     3    3     0     4        |    8
      create-document          |    1      3     2     1    2     1     3        |    5
      demo-5                   |    1      3     2     2    3     2     4        |   13
      demo-11                  |    1      3     2     2    3     1     5        |    8
      demo-26                  |    1      2     1     1    3     1     4        |   16
      read-document            |    1      4     3     2    4     1     3        |    6
      read-informationunit     |    1      2     1     0    2     1     2        |    4
      read-patient             |    1      4     3     2    4     1     3        |    6
      Xacml-Nottingham-1       |    1      3     0    24    3     3     2        |   18

      For all requests the XACMET oracle verdict coincided with the one from the multiple PDPs.

  29. Conclusions
        • We have introduced a novel model-based approach to automatic generation of XACML oracle for testing policy evaluation engines.
        • The XACMET approach fully automatically derives a verdict for each XACML request by considering the expected behavior of the PDP.
        • Experimental results so far evidence the effectiveness of our proposal with respect to the oracle provided in the XACML conformance tests.

  30. Future Work
        • We plan to extend our automated oracle in order to consider more functionalities of the XACML conformance policies.
        • The XACMET approach is being extended to be compliant with the latest version of the XACML standard.
        • The XACMET approach can also be used for (not shown here):
            • Automatically generating a test suite
            • Measuring the coverage over the XAC-Graph
        • Future work will also include further experimentation of XACMET, and its comparison with other model-based approaches.

  31. Thank you for your attention!
      Antonia Bertolino, Said Daoudagh, Francesca Lonetti, Eda Marchetti: An Automated Model-based Test Oracle for Access Control Systems. AST@ICSE, Gothenburg, Sweden. May 28-29, 2018.
      For XACMET details please contact: said.daoudagh@di.unipi.it
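
The oracle idea of slides 20 and 25 (derive ordered paths from the policy, take the verdict of the first path a request covers, compare it with the PDP's reply), applied to the slide 8 policy. This is an added illustration, not the XACMET implementation or code from the presentation. Assumptions: paths are flattened to one per rule plus a NotApplicable fallback, the ordering per combining algorithm is a simplification, and conditions, Indeterminate results and the policy-level Target are ignored; all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Policy from slide 8 (simplified XACML as shown there, closing tags corrected).
POLICY = """
<Policy RuleCombiningAlgId="deny-overrides" PolicyId="policyExample">
  <Target></Target>
  <Rule RuleId="rule1" Effect="Deny"><Target>
    <Resource><AttributeValue>documentEntry</AttributeValue></Resource>
    <Action><AttributeValue>Write</AttributeValue></Action>
  </Target></Rule>
  <Rule RuleId="rule2" Effect="Permit"><Target>
    <Subject><AttributeValue>Julius</AttributeValue></Subject>
    <Resource><AttributeValue>book</AttributeValue></Resource>
  </Target></Rule>
</Policy>
"""

# Assumed ordering: deny-overrides tries Deny paths first, permit-overrides
# tries Permit paths first; any other algorithm keeps document order.
PRIORITY = {"deny-overrides": "Deny", "permit-overrides": "Permit"}

def derive_paths(policy_xml):
    """Return the ordered list of (rule_id, constraints, verdict) paths."""
    root = ET.fromstring(policy_xml)
    paths = []
    for rule in root.findall("Rule"):
        target = rule.find("Target")
        constraints = {el.tag: (el.findtext("AttributeValue") or "").strip()
                       for el in (target if target is not None else [])}
        paths.append((rule.get("RuleId"), constraints, rule.get("Effect")))
    first = PRIORITY.get(root.get("RuleCombiningAlgId"))
    paths.sort(key=lambda p: p[2] != first)     # stable: prioritized effect first
    paths.append((None, {}, "NotApplicable"))   # fallback path, always covered
    return paths

def oracle(paths, request):
    """Verdict of the first path covered; request maps category -> set of values."""
    for rule_id, constraints, verdict in paths:
        if all(v in request.get(k, ()) for k, v in constraints.items()):
            return rule_id, verdict

def check_pdp(paths, request, pdp_decision):
    """Test verdict: does the PDP's actual decision match the oracle?"""
    return oracle(paths, request)[1] == pdp_decision

if __name__ == "__main__":
    req = {"Subject": {"Julius"}, "Resource": {"book"}, "Action": {"Read"}}  # constructed
    print(oracle(derive_paths(POLICY), req))
```

A request whose Resource bag holds both documentEntry and book covers both rule paths, so the path order alone decides the verdict; swapping the combining algorithm to permit-overrides flips it from Deny to Permit.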
