A toolchain for designing and testing access control policies

Abstract

Security is an important aspect of modern information management systems. The crucial role of security in this systems demands the use of tools and applications that are thoroughly validated and verified. However, the testing phase is an effort consuming activity that requires reliable supporting tools for speeding up this costly stage. Access control systems, based on the integration of new and existing tools are available in the Service Development Environment (SDE). We introduce an Access Control Testing toolchain (ACT) for designing and testing access control policies that includes the following features: (i) the graphical specification of an access control model and its translation into an XACML policy; (ii) the derivation of test cases and their execution against the XACML policy; (iii) the assessment of compliance between the XACML policy execution and the access control model. In addition, we illustrate the use of the ACT toolchain on a case study.