Testing Access Control Policies

Date Added: Dec 2009
Format: PDF

As software systems become more and more complex, and are deployed to manage a large amount of sensitive in-formation and resources, specifying and managing correct access control policies is critical and yet challenging. Policy testing is an important means to increasing confidence in the correctness of specified policies and their implementations for access control. There are two types of policy testing. In the first type, the artifacts under test are policy specifications and the main testing goal is to assure the correctness of the policy specifications.