Title :
Assessing Quality of Policy Properties in Verification of Access Control Policies
Author :
Martin, Evan ; Hwang, JeeHyun ; Xie, Tao ; Hu, Vincent
Author_Institution :
Google, Inc., Santa Monica, CA
Abstract :
Access control policies are often specified in declarative languages. In this paper, we propose a novel approach, called mutation verification, to assess the quality of properties specified for a policy and, in doing so, the quality of the verification itself. In our approach, given a policy and a set of properties, we first mutate the policy to generate various mutant policies, each with a single seeded fault. We then verify whether the properties hold for each mutant policy. If the properties still hold for a given mutant policy, then the quality of these properties is determined to be insufficient in guarding against the seeded fault, indicating that more properties are needed to augment the existing set of properties to provide higher confidence of the policy correctness. We have implemented Mutaver, a mutation verification tool for XACML, and applied it to policies and properties from a real-world software system.
Keywords :
XML; authorisation; formal verification; Mutaver; XACML; access control policy; declarative languages; eXtensible Access Control Markup Language; mutant policy; mutation verification; policy correctness; policy property; software system; Access control; Application software; Computer science; Computer security; Failure analysis; Fault detection; Genetic mutations; NIST; Software systems; Testing; Access Control; Verification; XACML;
Conference_Titel :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
Print_ISBN :
978-0-7695-3447-3
DOI :
10.1109/ACSAC.2008.48
