Testing and Verification of Security Policy



Access control is one of the most fundamental and widely used privacy and security mechanisms at both application and network levels. Given the high importance and delicacy of security policies, ensuring the correctness of security policies is important, and yet difficult. A tiny error in security policies could lead to irreparable, if not tragic, consequences. Therefore, identifying discrepancies between policy specifications and their intended function is a crucial task. To achieve this goal, security policies must undergo systematic, rigorous testing and verification to ensure that they truly represent the intention of their policy authors. This project develops novel techniques and tools for testing and verification of security policies including XACML and firewall policies as well as security models.
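The following is an added illustration, not code from this project or its tools: a miniature access-control policy evaluator with two of the checks this kind of policy testing relies on, rule coverage (which rules a request suite actually exercises) and mutation testing (whether the suite notices a rule whose effect is flipped or which is removed). The policy, the requests and the mutation operators are constructed here for the example; the rule format is a deliberately simplified stand-in for XACML, and the combining algorithm is first-applicable with a default of Deny.

```python
"""Added example: policy testing by rule coverage and mutation analysis.

The policy language, the sample policy, the request suites and the two
mutation operators are all constructed for this illustration (they are
not XACML and not the project's own fault model).
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    subject: Optional[str]   # None matches any subject
    action: Optional[str]    # None matches any action
    resource: Optional[str]  # None matches any resource
    effect: str              # "Permit" or "Deny"

    def matches(self, req):
        """req is a (subject, action, resource) triple."""
        return all(want is None or want == got
                   for want, got in zip((self.subject, self.action, self.resource), req))


# Constructed sample policy; rules are combined first-applicable.
POLICY = [
    Rule("doctors-read", "doctor", "read", "record", "Permit"),
    Rule("nurses-read", "nurse", "read", "record", "Permit"),
    Rule("no-delete", None, "delete", None, "Deny"),
    Rule("archived-deny", None, "read", "archive", "Deny"),
    Rule("admins-any", "admin", None, None, "Permit"),
]


def evaluate(policy, req):
    """Return (decision, name of the rule that fired), or default Deny."""
    for rule in policy:
        if rule.matches(req):
            return rule.effect, rule.name
    return "Deny", None


# Constructed request suite: each request carries the decision the policy
# author intends, which is what the policy is being checked against.
TESTS = [
    (("doctor", "read", "record"), "Permit"),
    (("nurse", "read", "record"), "Permit"),
    (("patient", "read", "record"), "Deny"),
    (("admin", "delete", "record"), "Deny"),
    (("admin", "write", "record"), "Permit"),
]
# The same suite with one request that reaches the archive rule.
TESTS_EXTENDED = TESTS + [(("admin", "read", "archive"), "Deny")]


def run_tests(policy, tests):
    """Return (all_passed, set of rule names that fired during the suite)."""
    covered, ok = set(), True
    for req, expected in tests:
        decision, fired = evaluate(policy, req)
        if fired is not None:
            covered.add(fired)
        if decision != expected:
            ok = False
    return ok, covered


def rule_coverage(policy, tests):
    """Fraction of rules exercised by at least one request in the suite."""
    _, covered = run_tests(policy, tests)
    return len(covered) / len(policy)


def mutants(policy):
    """Yield (mutant name, mutated policy): flip each effect, drop each rule."""
    for i, rule in enumerate(policy):
        flipped = replace(rule, effect="Deny" if rule.effect == "Permit" else "Permit")
        yield f"flip:{rule.name}", policy[:i] + [flipped] + policy[i + 1:]
        yield f"drop:{rule.name}", policy[:i] + policy[i + 1:]


def mutation_report(policy, tests):
    """Map mutant name -> True if the suite kills it (some request fails)."""
    return {name: not run_tests(mutant, tests)[0] for name, mutant in mutants(policy)}


def mutation_score(policy, tests):
    """Killed mutants divided by all mutants."""
    report = mutation_report(policy, tests)
    return sum(report.values()) / len(report)


if __name__ == "__main__":
    for suite_name, suite in (("TESTS", TESTS), ("TESTS_EXTENDED", TESTS_EXTENDED)):
        print(suite_name, "passes:", run_tests(POLICY, suite)[0],
              "coverage:", rule_coverage(POLICY, suite),
              "mutation score:", mutation_score(POLICY, suite))
        for name, killed in mutation_report(POLICY, suite).items():
            if not killed:
                print("  surviving mutant:", name)
```

With the first suite every request gets the intended decision, yet the suite never reaches `archived-deny`, so both mutants of that rule survive: the passing suite says nothing about whether that rule is right. Adding one request that reaches it raises coverage and kills the remaining mutants, which is the signal that the suite now constrains every rule.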

We have a subproject on Specification, Testing, and Verification of Risk Adaptable Access Control (RAdAC).



  • Tao Xie. Systematic Testing and Verification of Security Policies. Invited talk, National Institute of Standards and Technology (NIST) Computer Security Division Seminar, August 2008. [Slides]
  • Tao Xie. Conformance Checking of Access Control Policies Specified in XACML. Workshop presentation, the 1st IEEE International Workshop on Security in Software Engineering (IWSSE 2007), Beijing, China, July 2007.
  • Evan Martin. Automated Test Generation for Access Control Policies via Change-Impact Analysis. Workshop presentation, the 3rd International Workshop on Software Engineering for Secure Systems (SESS 2007), Minneapolis, MN, May 2007.
  • Evan Martin. Testing and Analysis of Access Control Policies. Conference doctoral symposium presentation, the 29th International Conference on Software Engineering (ICSE 2007), Minneapolis, MN, May 2007.
  • Tao Xie. A Fault Model and Mutation Testing of Access Control Policies. Conference presentation, the 16th International Conference on World Wide Web (WWW 2007), Security, Privacy, Reliability, and Ethics Track, Banff, Alberta, Canada, May 2007.
  • Evan Martin. Defining and Measuring Policy Coverage in Testing Access Control Policies. Conference presentation, the 8th International Conference on Information and Communications Security (ICICS 2006), Raleigh, NC, December 2006.
  • Evan Martin. Automated Test Generation for Access Control Policies. Conference fast abstract presentation, the 17th IEEE International Conference on Software Reliability Engineering (ISSRE 2006), Fast Abstracts, Raleigh, NC, November 2006.
  • Evan Martin. Automated Test Generation for Access Control Policies. Conference ACM SIGPLAN SRC presentation, the 20th Annual ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (Companion) (OOPSLA 2006), ACM SIGPLAN Student Research Competition, Portland, Oregon, USA, October 2006.
  • Evan Martin. Inferring Access-Control Policy Properties via Machine Learning. Workshop presentation, the 7th IEEE Workshop on Policies for Distributed Systems and Networks (POLICY 2006), London, Ontario, Canada, June 2006.
  • Tao Xie. Towards Systematic Testing of Access Control Policies. Invited talk, Foundation of Software Engineering Group, Microsoft Research, April 2006.


Policy Benchmark

Related Links


National Science Foundation Award CNS-0716579, Cyber Trust Program (08/01/2007-07/31/2010)


NIST Supplement to National Science Foundation Award CNS-0716579