Design of Access Control Policy Checker (ACPC)

Sharma, Suraj (2009) Design of Access Control Policy Checker (ACPC). MTech thesis.



Any system with multiple users needs an access control system to ensure authorized access and prevent harm. One solution is to specify access control separately from the rest of the system, in a dedicated policy specification. The access control system contains the policies: it receives an access request, consults the policy, and returns a response stating whether the user's request is permitted or denied. Implementing these access control policies is not an easy task, because of the large system requirements. Checking the correctness of the policies deployed in the system is very difficult. In this thesis, a systematic and automated tool for policy testing is provided. Testing a policy involves generating test cases, evaluating the policy against those test cases, and finally comparing the expected and actual results.

In our approach to policy testing, we use change-impact analysis to generate requests and mutation testing to test the specified policy. The testing framework, called ACPC (Access Control Policy Checker), uses the Margrave tool [25] to perform change-impact analysis [7] for generating requests. As in previous work [22], we have chosen the Extensible Access Control Markup Language (XACML) as the access control specification language.

We conducted experiments using nine policy sets to evaluate the effectiveness of the framework. The experimental results show that ACPC can effectively generate requests to achieve high structural coverage of policies, and that it outperforms random request generation in terms of structural coverage and fault-detection capability. We used nine mutation operators to create the mutant policies for mutation testing. We obtained better results by classifying these mutation operators into three classes. Up to 98% of mutants were killed by one class of mutation operators; this result shows that the classification gives better performance in terms of cost and time.

Item Type: Thesis (MTech)
Uncontrolled Keywords: Access Control Policy Checker (ACPC), XACML, P3P
Subjects: Engineering and Technology > Computer and Information Science > Data Mining
Divisions: Engineering and Technology > Department of Computer Science
ID Code: 1443
Deposited By: Suraj Sharma
Deposited On: 06 Jun 2009 10:16
Last Modified: 08 Jun 2010 17:29
Supervisor(s): Jena, S K