Software

• X-CREATE: XaCml REquests derivAtion for TEsting
  X-CREATE (XaCml REquests derivAtion for TEsting) is a tool for the automated derivation of a test suite starting from an XACML policy. X-CREATE implements different strategies for deriving XACML requests. The aim of the derived XACML requests is twofold: testing of policy evaluation engines and testing of access control policies.
  
  
• XACMUT: XACML 2.0 Mutants Generator
  XACMUT (XACml MUTation) is a tool for the generation of XACML 2.0 mutants. It generates the set of mutants, provides facilities to run a given test suite on the mutants set and computes the test suite effectiveness in terms of mutation score. The tool includes and enhances the mutants operators of existing security policy mutation approaches.
  
  
• SIMTAC: SIMilarity Testing for Access-Control
  SIMTAC adapts similarity-based prioritization to order XACML test cases. To do this, we need to capture and specify what is a suitable notion of distance between XACML requests. To the best of our knowledge, the approach implemented in SIMTAC is the first attempt to introduce a prioritization strategy in XACML access control systems
  
  
• TXPAINT: Testing XACML Policy Against INTentions
  TXPAINT is a generic framework for testing the compliance of an XACML policy to intended access rights or discovering possible inconsistencies. TXPAINT adopts two well-known testing techniques, i.e., combinatorial and mutation testing, and provides support for generating appropriate test inputs (i.e., requests of access) able to test the constraints, permissions and prohibitions defined in the policy. The framework also provides support to locate the elements involved in the policy under test that are the causes of detected inconsistencies.