This chapter outlines the overall access control policy engineering framework in general and discusses the subject of validation of access control mechanisms in particular. Requirements of an access control policy language are introduced and their underlying organizational philosophy is discussed. Next, a number of access control models are discussed and a brief outline of various policy verification approaches is presented. A methodology for validation of access control implementations is presented along with two approaches for test suite generation, that is, complete FSM based and heuristics based. This chapter is aimed at providing an overview of the access control policy engineering activity and in-depth view of one approach to device test cases for an access control implementation mechanism.
Implications of loosened role-based access control session control implementation for the enforcement of dynamic mutually exclusive roles properties on Health Information Systems
