Access control policies are increasingly written in specification lan-guages such as XACML. A dedicated software component called a Policy Decision Point (PDP) receives access requests, evaluates requests against specified policies, and returns responses to inform whether access should be granted. To increase confidence in the correctness of specified policies, policy developers can conduct policy testing to probe the PDP with some typical test inputs (in the form of requests) and check test outputs (in the form of re-sponses) against expected ones. Unfortunately, manual test genera-tion is tedious and manually generated tests are often not sufficient to exercise various policy behaviors. In this paper we present an efficient test generatio...
Conformance testing procedures for generating tests from the finite state model representation of Ro...
Access-control lists are an essential part in the security frame-work of any system. Researchers are...
International audienceIf access control policy decision points are not neatly separated from the bus...
In access control systems, aimed at regulating the accesses to protected data and resources, a criti...
While the standard language XACML is very expressive for specifying fine-grained access control poli...
Abstract—A policy-based access control architecture com-prises Policy Enforcement Points (PEPs), whi...
Context: In modern pervasive applications, it is important to validate access control mechanisms tha...
International audienceWe present a model-based approach to testing access control requirements. By u...
Any type of system, having different users, need to have a access control system for authorized acce...
Security services are provided through: The applications, operating systems, databases, and the netw...
author was on sabbatical leave at ENST Bretagne. Financial and organizational support is gratefully ...
Access control policies in software systems can be implemented incorrectly for various reasons. This...
Access control is essential for safe and secure access to software and hardware resources. Operating...
XACML is the de facto standard for implementing access control policies. Testing the correctness of ...
Access control policies written in the XACML standard language tend to be complex due to the great v...
Conformance testing procedures for generating tests from the finite state model representation of Ro...
Access-control lists are an essential part in the security frame-work of any system. Researchers are...
International audienceIf access control policy decision points are not neatly separated from the bus...
In access control systems, aimed at regulating the accesses to protected data and resources, a criti...
While the standard language XACML is very expressive for specifying fine-grained access control poli...
Abstract—A policy-based access control architecture com-prises Policy Enforcement Points (PEPs), whi...
Context: In modern pervasive applications, it is important to validate access control mechanisms tha...
International audienceWe present a model-based approach to testing access control requirements. By u...
Any type of system, having different users, need to have a access control system for authorized acce...
Security services are provided through: The applications, operating systems, databases, and the netw...
author was on sabbatical leave at ENST Bretagne. Financial and organizational support is gratefully ...
Access control policies in software systems can be implemented incorrectly for various reasons. This...
Access control is essential for safe and secure access to software and hardware resources. Operating...
XACML is the de facto standard for implementing access control policies. Testing the correctness of ...
Access control policies written in the XACML standard language tend to be complex due to the great v...
Conformance testing procedures for generating tests from the finite state model representation of Ro...
Access-control lists are an essential part in the security frame-work of any system. Researchers are...
International audienceIf access control policy decision points are not neatly separated from the bus...