Security services are provided through: The applications, operating systems, databases, and the network. There are many proposals to use policies to define, implement and evaluate security services. We discussed a full test automation framework to test XACML based policies. Using policies as input the developed tool can generate test cases based on the policy and the general XACML model. We evaluated a large dataset of policy implementations. The collection includes more than 200 test cases that represent instances of policies. Policies are executed and verified, using requests and responses generated for each instance of policies. WSO2 platform is used to perform different testing activities on evaluated policies.
Digital Object Identifier (DOI)
International Journal of Security and its Applications
Alsmadi, Izzat M., "Approaches for Testing and Evaluation of XACML Policies" (2014). Computer Science Faculty Publications. 4.