control plays an important role in managing sensitive information and
resources. An access control policy defines the conditions to which the access
to resources can be granted and to whom. Our research focuses on verification
and validation of attribute-based access control (ABAC) policies, role-based
access control (RBAC) policies, and obligations.
- Dianxiang Xu and Shuai Peng. Towards Automatic Repair of Access Control
Policies. Proc. of the 14th IEEE
Conference on Privacy, Security and Trust (PST'16), Auckland, New
Zealand, December 2016.
- Sung-Ju Fan Chiang, Daniel Chen and Dianxiang
Xu. Conformance Testing of Balana: An Open
Source Implementation of the XACML3.0 Standard. Proc. of the 28th International Conf. on Software Engineering and
Knowledge Engineering (SEKE'16), San Francisco Bay, July 2016.
- Dianxiang Xu, Zhenyu Wang, Shuai Peng,
Ning Shen. Automated Fault Localization of XACML Policies, Proc. of the 21st ACM Symposium on
Access Control Models and Technologies (SACMAT'16), pp. 137-147,
Shanghai, China, June 2016.
- Dianxiang Xu, Yunpeng Zhang, Ning Shen. Formalizing Semantic
Differences between Combining Algorithms in XACML 3.0 Policies, Proc. of the 2015 International
Conference on Software Quality, Reliability and Security (QRS'15), Vancouver,
Canada. August 2015.
- Dianxiang Xu, Ning Shen, Yunpeng Zhang. Fault-Based Testing of Combining
Algorithms in XACML3.0 Policies. Proc.
of the 27th International Conf. on Software Engineering and Knowledge
Pittsburg, July 2015.
- Dianxiang Xu,
Michael Kent, Lijo Thomas, Tejeddine
Mouelhi, and Yves Le Traon.
Automated Model-Based Testing of Role-Based Access Control Using
Predicate/Transition Nets. IEEE
Transactions on Computers, Vo. 64, No. 9, pp. 2490-2505, September 2015.
- Dianxiang Xu, Yunpeng Zhang. Specification and Analysis of
Attribute-Based Access Control Policies: An Overview. Proc. of the International Workshop on Information Assurance,
in conjunction with SERE'14. San Francisco, CA. June 2014.
- Sandeep Lakkaraju and Dianxiang Xu,
Integrated Modeling and Analysis of Attribute based Access Control
Policies and Workflows in Healthcare, Proc.
of the 1st International Conference on Trustworthy Systems and Their
Applications (TSA'14), Taiwan, June 2014.
- Dianxiang Xu,
Michael Sanford, Zhaoliang Liu, Mark Emry, Brad Brockmueller,
Spencer Johnson, Michael To. Testing Access Control and Obligation
Policies, Proc. of the 2013
International Conference on Computing, Networking and Communications
(ICNC'13), San Diego, January 2013.
- Dianxiang Xu, Lijo Thomas, Michael Kent, Tejeddine Mouelhi, and Yves
Le Traon. A Model-Based Approach to Automated Testing of Access Control
Policies. Proc. of the 17th ACM Symposium on Access Control Models and
Technologies (SACMAT12), Newark, USA, June 2012.