Authors:
Said Daoudagh
1
;
Francesca Lonetti
2
and
Eda Marchetti
2
Affiliations:
1
Istituto di Scienza e Tecnologie dell’Informazione ”Alessandro Faedo”, CNR, Pisa, Italy, University of Pisa, Pisa and Italy
;
2
Istituto di Scienza e Tecnologie dell’Informazione ”Alessandro Faedo”, CNR, Pisa and Italy
Keyword(s):
Access Control Systems, Web Service, Testing.
Related
Ontology
Subjects/Areas/Topics:
Computer-Supported Education
;
Enterprise Information Systems
;
Information Systems Analysis and Specification
;
Information Technologies Supporting Learning
;
Security
;
Security and Privacy
Abstract:
In distributed environments, information security is a key factor and access control is an important means to guarantee confidentiality of sensitive and valuable data. In this paper, we introduce a new decentralized framework for testing of XACML-based access control engines. The proposed framework is composed of different web services and provides the following functionalities: i) generation of test cases based on combinatorial testing strategies; ii) decentralized oracle that associates the expected result to a given test case, i.e. an XACML request; and finally, iii) a GUI for interacting with the framework and providing some analysis about the expected results. A first validation confirms the efficiency of the proposed approach.