Tao Xie
North Carolina State University, Computer Science, Faculty Member
Abstract—As security requirements of software often change during development and maintenance, developers may modify policies according to evolving requirements. In order to increase confidence that the modification of policies is correct... more
Abstract—As security requirements of software often change during development and maintenance, developers may modify policies according to evolving requirements. In order to increase confidence that the modification of policies is correct and does not introduce unexpected behavior, developers conduct regression testing. For regression testing, rerunning all of existing system test cases is costly and time-consuming, especially for large-scale systems.
Abstract Access control mechanisms are a widely adopted technology for information security. Since access decisions (ie, permit or deny) on requests are dependent on access control policies, ensuring the correct modeling and... more
Abstract Access control mechanisms are a widely adopted technology for information security. Since access decisions (ie, permit or deny) on requests are dependent on access control policies, ensuring the correct modeling and implementation of access control policies is crucial for adopting access control mechanisms. To address this issue, we develop a tool, called ACPT (Access Control Policy Testing), that helps to model and implement policies correctly during policy modeling, implementation, and verification.
Abstract Access control policies are often specified in declarative languages. In this paper, we propose a novel approach, called mutation verification, to assess the quality of properties specified for a policy and, in doing so, the... more
Abstract Access control policies are often specified in declarative languages. In this paper, we propose a novel approach, called mutation verification, to assess the quality of properties specified for a policy and, in doing so, the quality of the verification itself. In our approach, given a policy and a set of properties, we first mutate the policy to generate various mutant policies, each with a single seeded fault. We then verify whether the properties hold for each mutant policy.
Abstract Access control mechanisms control which subjects (such as users or processes) have access to which resources. To facilitate managing access control, policy authors increasingly write access control policies in XACML. Access... more
Abstract Access control mechanisms control which subjects (such as users or processes) have access to which resources. To facilitate managing access control, policy authors increasingly write access control policies in XACML. Access control policies written in XACML could be amenable to multiple-duty-related security leakage, which grants unauthorized access to a user when the user takes multiple duties (eg, multiple roles in role-based access control policies).
Abstract Access control (AC) is one of the most fundamental and widely used requirements for privacy and security. Given a subject's access request on a resource in a system, AC determines whether this request is permitted or denied based... more
Abstract Access control (AC) is one of the most fundamental and widely used requirements for privacy and security. Given a subject's access request on a resource in a system, AC determines whether this request is permitted or denied based on AC policies (ACPs). This position paper introduces our approach to ensure the correctness of AC using verification. More specifically, given a model of an ACP, our approach detects inconsistencies between models, specifications, and expected behaviors of AC.
Abstract—Modern access control architectures tend to separate the business logic from access control policy specification for the sake of authorizations manageability. Request evaluation is processed by a Policy Decision Point (PDP) that... more
Abstract—Modern access control architectures tend to separate the business logic from access control policy specification for the sake of authorizations manageability. Request evaluation is processed by a Policy Decision Point (PDP) that encapsulates the access control policy and interacts with the business logic through Policy Enforcement Points (PEPs). Such architecture may engender a performance bottleneck due to the number of rules that have to be evaluated by a single PDP.
Access control mechanisms are used to control which principals (such as users or processes) have access to which resources based on access control policies. To ensure the correctness of access control policies, policy authors conduct... more
Access control mechanisms are used to control which principals (such as users or processes) have access to which resources based on access control policies. To ensure the correctness of access control policies, policy authors conduct policy verification to check whether certain properties are satisfied by a policy. However, these properties are often not written in practice.
Abstract Many Web applications enhance their security via access-control systems. XACML is a standardized policy language, which has been widely used in access-control systems. In an XACML-based access-control system, policies, requests,... more
Abstract Many Web applications enhance their security via access-control systems. XACML is a standardized policy language, which has been widely used in access-control systems. In an XACML-based access-control system, policies, requests, and responses are written in XACML. An XACML implementation implements XACML functionalities to validate XACML requests against XACML policies.
Abstract Firewalls are critical components of network security and have been widely deployed for protecting private networks. A firewall determines whether to accept or discard a packet that passes through it based on its policy. However,... more
Abstract Firewalls are critical components of network security and have been widely deployed for protecting private networks. A firewall determines whether to accept or discard a packet that passes through it based on its policy. However, most real-life firewalls have been plagued with policy faults, which either allow malicious traffic or block legitimate traffic. Due to the complexity of firewall policies, manually locating the faults of a firewall policy and further correcting them are difficult.
Abstract As security requirements of software often change, developers may modify security policies such as access control policies (policies in short) according to evolving requirements. To increase confidence that the modification of... more
Abstract As security requirements of software often change, developers may modify security policies such as access control policies (policies in short) according to evolving requirements. To increase confidence that the modification of policies is correct, developers conduct regression testing. However, rerunning all of existing system test cases could be costly and time-consuming.
Abstract Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. Ensuring the correctness of firewall policies through testing is important. In firewall policy testing,... more
Abstract Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. Ensuring the correctness of firewall policies through testing is important. In firewall policy testing, test inputs are packets and test outputs are decisions. Packets with unexpected (expected) evaluated decisions are classified as failed (passed) tests. Given failed tests together with passed tests, policy testers need to debug the policy to detect fault locations (such as faulty rules).
Abstract In order to facilitate managing authorization, access control architectures are designed to separate the business logic from an access control policy. To determine whether a user can access which resources, a request is... more
Abstract In order to facilitate managing authorization, access control architectures are designed to separate the business logic from an access control policy. To determine whether a user can access which resources, a request is formulated from a component, called a Policy Enforcement Point (PEP) located in application code. Given a request, a Policy Decision Point (PDP) evaluates the request against an access control policy and returns its access decision (ie, permit or deny) to the PEP.
Abstract Access control is one of the most fundamental and widely used security mechanisms. Access control mechanisms control which principals such as users or processes have access to which resources in a system. To facilitate managing... more
Abstract Access control is one of the most fundamental and widely used security mechanisms. Access control mechanisms control which principals such as users or processes have access to which resources in a system. To facilitate managing and maintaining access control, access control policies are increasingly written in specification languages such as XACML. The specification of access control policies itself is often a challenging problem.
Abstract Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. As the quality of protection provided by a firewall directly depends on the quality of its policy (ie,... more
Abstract Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. As the quality of protection provided by a firewall directly depends on the quality of its policy (ie, configuration), ensuring the correctness of security policies is important and yet difficult. To help ensure the correctness of a firewall policy, we propose a systematic structural testing approach for firewall policies.