Access Control Policy Test Automatic Generation Method Based on Code Generation and Symbolic Execution

The method combines access control policy testing with symbolic execution and applies to the cross-disciplinary fields of information security, software testing and software engineering. It addresses problems such as huge time overhead and XACML request redundancy, and achieves strong scalability, a high degree of automation and reduced overhead.

Active Publication Date: 2016-01-20
NANJING UNIV

AI Technical Summary

Problems solved by technology

The prior method has two shortcomings. First, the generated XACML requests contain a large amount of redundancy; second, the time overhead of generating the requests is huge.


Embodiment Construction

[0051] The present invention will be further described below in conjunction with the accompanying drawings.

[0052] Referring to figure 1, the present invention has five functional components: the numerical processor, the C code generator, the symbolic executor, the test input translator and the policy evaluator. The numerical processor converts complex attribute values appearing in the XACML policy into integer values. The C code generator converts the XACML policy into semantically equivalent C code. The symbolic executor uses a symbolic execution tool to generate test inputs for the C code. The test input translator translates the obtained test inputs into XACML requests. The policy evaluator evaluates each XACML request and returns a response result.

[0053] In the specific implementation, the working process and input and output of each functional component are as follows:

[0054] (1) Numerical processor

[0055] refer to figure 1 , the numerical proces...


Abstract

The invention provides a method for automatically generating access control policy tests based on code generation and symbolic execution. It makes up for deficiencies of the existing XACML (eXtensible Access Control Markup Language) policy testing technologies and tools, in line with the actual demands of XACML policy testing. The method comprises the following steps: first, conducting numeralization processing on a to-be-tested XACML policy specified by the user; then, converting the to-be-tested XACML policy into a semantically equivalent C code representation; generating test inputs for the C code with a symbolic execution tool; translating the generated test inputs into XACML requests; finally, using the generated XACML requests as input to a policy evaluator, which evaluates them against the XACML policy to obtain an authorization result. With symbolic execution, the method can efficiently generate test requests that fully cover the XACML policy, which is conducive to finding errors in the XACML policy.
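The steps listed in the abstract, shown on a small constructed policy as an added example (not code from the patent). The attribute values, the two rules, first-applicable combining and all function names are assumptions, and an exhaustive walk over the encoded domain stands in for the symbolic execution tool.

```c
#include <stdio.h>
#include <string.h>

/* Numerical processor: constructed attribute values, index = integer code. */
static const char *ROLE[]     = {"doctor", "nurse", "guest"};
static const char *ACTION[]   = {"read", "write"};
static const char *RESOURCE[] = {"record", "schedule"};
enum { PERMIT = 0, DENY = 1, NOT_APPLICABLE = 2 };

/* C code generator output (hypothetical shape): one branch per rule,
 * first-applicable combining. *path records which branch was taken. */
int evaluate_policy(int role, int action, int resource, int *path) {
    if (role == 0 && action == 0 && resource == 0) { *path = 0; return PERMIT; }
    if (role == 1 && action == 1 && resource == 0) { *path = 1; return DENY; }
    *path = 2;
    return NOT_APPLICABLE;
}

/* Test input translator: integer test input -> simplified request text
 * (attribute triples only, not full XACML request XML). */
void to_request(int role, int action, int resource, char *out, size_t n) {
    snprintf(out, n, "subject.role=%s action=%s resource=%s",
             ROLE[role], ACTION[action], RESOURCE[resource]);
}

/* Stand-in for the symbolic executor: enumerate the small encoded domain and
 * keep the first input that reaches each path, so there is one request per
 * path instead of one per attribute combination. Returns the request count. */
int generate_tests(char reqs[][96], int decisions[], int max) {
    int seen[3] = {0, 0, 0}, count = 0;
    for (int r = 0; r < 3; r++)
        for (int a = 0; a < 2; a++)
            for (int s = 0; s < 2; s++) {
                int path, d = evaluate_policy(r, a, s, &path);
                if (seen[path] || count == max) continue;
                seen[path] = 1;
                decisions[count] = d;
                to_request(r, a, s, reqs[count], sizeof reqs[count]);
                count++;
            }
    return count;
}

int main(void) {
    char reqs[3][96];
    int decisions[3];
    int n = generate_tests(reqs, decisions, 3);
    for (int i = 0; i < n; i++)
        printf("%s -> decision %d\n", reqs[i], decisions[i]);
    return 0;
}
```

The 12 attribute combinations collapse to 3 requests, one per path through the generated code, which is the redundancy reduction the method targets.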

Description

Technical field

[0001] The invention relates to a testing method for access control policies. It uses symbolic execution, a software testing technique, to generate effective XACML test requests for an XACML policy and to test the correctness of that policy. It belongs to the cross-disciplinary application field of software engineering, software testing and information security.

Background technique

[0002] Access control is one of the important elements of a security policy. It controls the access of unintended subjects to protected sensitive resources. Security-critical fields such as finance and government in particular have relatively strict requirements for access control, and tiny mistakes in an access control policy can have serious security consequences. According to the Internet Security Threat Report released by Symantec in 2013, the number of web-based attacks increased by one-third in 2012 compared with 2011. Ranked second in the to...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F11/36
Inventor: 王林章, 李永超, 赵建华, 李宣东, 陈志
Owner: NANJING UNIV