Dianxiang Xu, doctoral student Ning Shen, and master’s student Roshan Shrestha won the Best Paper award at the 23rd ACM Symposium on Access Control Models and Methodologies (SACMAT ’18) for their work on “Automated Coverage-Based Testing of XACML Policies.” Ning Shen contributed to this work while he was a master’s student. SACMAT ’18 was held in Indianapolis, Indiana, June 13-15. Sponsored by the Association for Computing Machinery, SACMAT is “the premier forum for the presentation of research results and experience reports on leading-edge issues of access control, including models, systems, applications and theory.”
Access control is a fundamental cybersecurity mechanism that regulates who can access what and when in cyber systems. With the rapid development of information technology, access control techniques are shifting from role-based access control to attribute-based access control to enable fine-grained security regulations. However, quality assurance of attribute-based access control policies has been a challenge due to their complexity. The award-winning research formulated a family of test coverage criteria for attribute-based access control policies written in XACML, developed an open-source tool for automated coverage-based test generation, and evaluated the quality assurance levels of coverage-based testing methods. XACML is an industry standard for specifying attribute-based access control policies. It has been used as the authorization engine in new-generation identity management products.