ABSTRACT
Policy testing is the testing process to assure the cor-
rectness of policy specifications and implementations.
With adequate policy testing, one can increase confidence
on the correctness of policy specifications and implemen-
tations. By observing the execution of a policy implemen-
tation with a test input (i.e., access request), the testers
may identify any faults in the policy specifications or
implementations, and validate whether the corresponding
output (i.e., access decision) is intended. Moreover,
potential malfunctions or missing control in the policy
specification or implementation can be identified during
the test execution. Although policy testing mechanisms
vary because there is no single standard way to specify or
implement access control policies in general the main
goals to conduct policy testing are as follows: assure the
correctness of the policy specifications and assure the
conformance between the policy specifications and
implementations.