Model-Based Testing of Obligatory ABAC Systems

Attribute-based access control (ABAC) with obligations is a new technique for achieving fine-grained access control and accountability. An obligatory ABAC system can be implemented incorrectly for various reasons, such as programming errors and incorrect access control and obligation specification. To reveal these implementation defects, this paper presents an approach to model-based testing of obligatory ABAC systems. In this approach, we first build a test model by specifying a functional model and an obligatory ABAC policy. The policy represents access control and obligation constraints on the functional model. Then we weave the policy with the functional model into an integrated model that represents both functions under test and access control and obligation constraints on them. Test cases can then be generated from the integrated model. Our approach is built upon MISTA, an open source test code generator that supports a variety of programming languages and test frameworks. To validate our approach, this paper presents a first case study on the development and testing of an open-source obligatory ABAC system. We evaluated the effectiveness of the approach by mutation analysis of the ABAC and obligation rules and the policy enforcement code in the implementation. The result shows that our approach is capable of finding the majority of injected faults.