With the increasing complexity of software, new access control methods have emerged to deal with attribute-based authorization. As a standard language for attribute-based access control policies, XACML offers a number of rule and policy combining algorithms to meet different needs of policy composition. Due to their variety and complexity, however, it is not uncommon to apply combining algorithms incorrectly, which can lead to unauthorized access or denial of service. To solve this problem, this paper presents a fault-based testing approach for determining incorrect combining algorithms in XACML 3.0 policies. It exploits an efficient constraint solver to generate queries to which a given policy produces different responses than its combinin...
XACML is the de facto standard for implementing access control policies. Testing the correctness of ...
As a new generation access control method, Attribute-Based Access Control (ABAC) has gained increasi...
Access control policies in distributed systems, particularly implemented in the XACML standard langu...
With the increasing complexity of software, new access control methods have emerged to deal with att...
With the increasing complexity of software, new access control methods have emerged to deal with att...
With the continually increasing complexity of software and an increasing need for secure software th...
XACML is a standard language for specifying attribute-based access control policies of computer and ...
While the standard language XACML is very expressive for specifying fine-grained access control poli...
Access control policies written in the XACML standard language tend to be complex due to the great v...
The goal of this thesis is to find provably correct methods for detecting conflicts between XACML ru...
This paper presents XPA (XACML Policy Analyzer), an open source IDE (Integrated Development Environm...
There exist various testing methods for XACML policies which vary in their overall fault detection a...
Abstract. Web-based software systems are increasingly used for accessing and manipulating sensitive ...
Context: In modern pervasive applications, it is important to validate access control mechanisms tha...
XACML is the de facto standard for implementing access control policies. Testing the correctness of ...
As a new generation access control method, Attribute-Based Access Control (ABAC) has gained increasi...
Access control policies in distributed systems, particularly implemented in the XACML standard langu...
With the increasing complexity of software, new access control methods have emerged to deal with att...
With the increasing complexity of software, new access control methods have emerged to deal with att...
With the continually increasing complexity of software and an increasing need for secure software th...
XACML is a standard language for specifying attribute-based access control policies of computer and ...
While the standard language XACML is very expressive for specifying fine-grained access control poli...
Access control policies written in the XACML standard language tend to be complex due to the great v...
The goal of this thesis is to find provably correct methods for detecting conflicts between XACML ru...
This paper presents XPA (XACML Policy Analyzer), an open source IDE (Integrated Development Environm...
There exist various testing methods for XACML policies which vary in their overall fault detection a...
Abstract. Web-based software systems are increasingly used for accessing and manipulating sensitive ...
Context: In modern pervasive applications, it is important to validate access control mechanisms tha...
XACML is the de facto standard for implementing access control policies. Testing the correctness of ...
As a new generation access control method, Attribute-Based Access Control (ABAC) has gained increasi...
Access control policies in distributed systems, particularly implemented in the XACML standard langu...