Sciweavers

ACSAC
2008
IEEE

Assessing Quality of Policy Properties in Verification of Access Control Policies

14 years 2 months ago
Assessing Quality of Policy Properties in Verification of Access Control Policies
Access control policies are often specified in declarative languages. In this paper, we propose a novel approach, called mutation verification, to assess the quality of properties specified for a policy and, in doing so, the quality of the verification itself. In our approach, given a policy and a set of properties, we first mutate the policy to generate various mutant policies, each with a single seeded fault. We then verify whether the properties hold for each mutant policy. If the properties still hold for a given mutant policy, then the quality of these properties is determined to be insufficient in guarding against the seeded fault, indicating that more properties are needed to augment the existing set of properties to provide higher confidence of the policy correctness. We have implemented Mutaver, a mutation verification tool for XACML, and applied it to policies and properties from a real-world software system.
Evan Martin, JeeHyun Hwang, Tao Xie, Vincent C. Hu
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where ACSAC
Authors Evan Martin, JeeHyun Hwang, Tao Xie, Vincent C. Hu
Comments (0)