A Formal Validation Approach for XACML 3.0 Access Control Policy.
Sensors (Basel)
; 22(8)2022 Apr 13.
Article
em En
| MEDLINE
| ID: mdl-35458969
ABSTRACT
Access control systems represent a security mechanism to regulate the access to system resources, and XACML is the standard language for specifying, storing and deploying access control policies. The verbosity and complexity of XACML syntax as well as the natural language semantics provided by the standard make the verification and testing of these policies difficult and error-prone. In the literature, analysis techniques and access control languages formalizations are provided for verifiability and testability purposes. This paper provides three contributions it provides a comprehensive formal specification of XACML 3.0 policy elements; it leverages the existing policy coverage criteria to be suitable for XACML 3.0; and it introduces a new set of coverage criteria to better focus the testing activities on the peculiarities of XACML 3.0. The application of the proposed coverage criteria to a policy example is described, and hints for future research directions are discussed.
Palavras-chave
Texto completo:
1
Coleções:
01-internacional
Base de dados:
MEDLINE
Assunto principal:
Semântica
/
Idioma
Tipo de estudo:
Prognostic_studies
Idioma:
En
Revista:
Sensors (Basel)
Ano de publicação:
2022
Tipo de documento:
Article