    Effective testing of next-generation access control policies

    Chen, Erzhuo
    View/Open
    [PDF] Effective testing of next-generation access control policies (1.382Mb)
    Date
    2024
    Abstract
    The NGAC (Next Generation Access Control) standard for attribute-based access control (ABAC) allows for run-time changes of the permission and prohibition configurations through administrative obligations triggered by access events. This capability makes access control more fine-grained and dynamic, providing the flexibility to adapt to various business needs and requirements. However, this dynamism also introduces significant challenges in assuring the correctness of NGAC policies. Even minor faults in these policies can lead to serious consequences, potentially impacting business operations and security. As NGAC policies are inherently extensible to accommodate new business requirements, the need for efficient testing methods becomes even more critical, especially for the large-scale NGAC policies expected in the future. This research addresses these challenges and makes progress in several key areas. Firstly, we apply policy mutation methods to evaluate existing test methods, providing insights into their effectiveness and limitations. Secondly, we define a comprehensive family of obligation coverage criteria and develop various test generation methods based on satisfying these criteria. This allows for more thorough and systematic testing of NGAC obligations. Thirdly, we present a fault-based testing approach aimed at detecting errors in both configurations and obligations within NGAC policies. This approach is designed to identify and address potential vulnerabilities that may not be evident through traditional testing methods. Our research demonstrates that mutation analysis of NGAC policies can effectively evaluate the robustness of a testing method, revealing potential faults that might be overlooked in an inadequately tested policy. For the test generation methods developed, both coverage-based and fault-based, the experimental results highlight their effectiveness in fault-detection capability. Furthermore, these methods prove to be cost-effective, making them practical for real-world applications in diverse operational environments. By advancing the methodologies for testing NGAC policies, this research contributes to the development of more reliable and secure access control systems. The proposed approaches not only enhance the ability to detect and correct faults but also support the continuous evolution and scaling of NGAC policies to meet future business needs. This work underscores the importance of rigorous testing in maintaining the integrity and functionality of dynamic and complex access control environments.
    Table of Contents
    Introduction -- Related work -- NGAC policies -- Policy mutation -- Coverage-based obligation testing -- Fault-based testing -- Experiment -- Conclusions
    URI
    https://hdl.handle.net/10355/103554
    Degree
    Ph.D. (Doctor of Philosophy)
    Thesis Department
    Computer Networking and Communications Systems (UMKC)
     
    Computer Science (UMKC)
     
    Collections
    • 2024 UMKC Dissertations - Freely Available Online
    • Computer Science and Electrical Engineering Electronic Theses and Dissertations (UMKC)

    If you encounter harmful or offensive content or language on this site please email us at harmfulcontent@umkc.edu. To learn more read our Harmful Content in Library and Archives Collections Policy.

    Send Feedback
    hosted by University of Missouri Library Systems
     

     

