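% Publications on testing, verification and fault localization of access
% control and firewall policies (XACML, mandatory access control, firewalls).
%
% These are exported reference-manager records, normalized for BibTeX:
%   - one field per line, lower-case field names, aligned "=" signs
%   - page ranges use "--"; months use the built-in three-letter macros
%   - acronyms in titles and venue names are brace-protected
%   - ISSN/ISBN are plain values rather than JSON-style lists
%   - conference papers use the inproceedings type with a booktitle field
%   - given names abbreviated in one record are expanded where the same
%     author list appears in full elsewhere in this file
%
% NOTE(review): items marked "verify" below could not be confirmed from the
% exported record and should be checked against the publisher's record.

% Automatic correction of firewall policy faults. The record has no abstract.
% NOTE(review): the export carries no page range or DOI -- verify and add.
@article{chen_liu_hwang_xie_2012,
  author  = {Chen, Fei and Liu, Alex X. and Hwang, JeeHyun and Xie, Tao},
  title   = {First Step Towards Automatic Correction of Firewall Policy Faults},
  journal = {{ACM} Transactions on Autonomous and Adaptive Systems},
  volume  = {7},
  number  = {2},
  year    = {2012},
}

% Regression test selection after access control policy changes: selects
% the system tests that may reveal regression faults caused by the change.
% The exported citation key contained spaces, which BibTeX cannot parse;
% they are replaced by underscores here.
% NOTE(review): given names of El Kateb, Mouelhi and Le Traon are only
% available as initials in the export -- verify and expand.
@inproceedings{hwang_xie_el_kateb_mouelhi_le_traon_2012,
  author    = {Hwang, JeeHyun and Xie, Tao and El Kateb, D. and Mouelhi, T. and Le Traon, Y.},
  title     = {Selection of Regression System Tests for Security Policy Evolution},
  booktitle = {2012 Proceedings of the 27th {IEEE/ACM} International Conference on Automated Software Engineering ({ASE})},
  year      = {2012},
  pages     = {266--269},
  doi       = {10.1145/2351676.2351719},
  abstract  = {As security requirements of software often change, developers
               may modify security policies such as access control policies
               (policies in short) according to evolving requirements. To
               increase confidence that the modification of policies is
               correct, developers conduct regression testing. However,
               rerunning all of existing system test cases could be costly
               and time-consuming. To address this issue, we develop a
               regression-test-selection approach, which selects every system
               test case that may reveal regression faults caused by policy
               changes. Our evaluation results show that our test-selection
               approach reduces a substantial number of system test cases
               efficiently.},
}

% Performance of XACML policy decision points: the XEngine evaluation
% algorithms, compared side by side with Sun PDP.
@article{liu_chen_hwang_xie_2011,
  author   = {Liu, Alex X. and Chen, Fei and Hwang, JeeHyun and Xie, Tao},
  title    = {Designing Fast and Scalable {XACML} Policy Evaluation Engines},
  journal  = {{IEEE} Transactions on Computers},
  volume   = {60},
  number   = {12},
  year     = {2011},
  month    = dec,
  pages    = {1802--1817},
  issn     = {1557-9956},
  doi      = {10.1109/tc.2010.274},
  abstract = {Most prior research on policies has focused on correctness.
              While correctness is an important issue, the adoption of
              policy-based computing may be limited if the resulting systems
              are not implemented efficiently and thus perform poorly. To
              increase the effectiveness and adoption of policy-based
              computing, in this paper, we propose fast policy evaluation
              algorithms that can be adapted to support various policy
              languages. In this paper, we focus on XACML policy evaluation
              because XACML has become the de facto standard for specifying
              access control policies, has been widely used on web servers,
              and is most complex among existing policy languages. We
              implemented our algorithms in a policy evaluation system called
              XEngine and conducted side-by-side comparison with Sun Policy
              Decision Point (PDP), the industrial standard for XACML policy
              evaluation. The results show that XEngine is orders of magnitude
              faster than Sun PDP. The performance difference grows almost
              linearly with the number of rules in an XACML policy. To our
              best knowledge, there is no prior work on improving XACML policy
              evaluation performance. This paper represents the first step in
              exploring this unknown space.},
}

% Model checking of mandatory access control (MAC) models: verifies
% integrity, coverage and confinement properties and derives test cases
% for implementations through combinatorial covering arrays.
@article{hu_kuhn_xie_hwang_2011,
  author   = {Hu, Vincent C. and Kuhn, D. Richard and Xie, Tao and Hwang, JeeHyun},
  title    = {Model Checking for Verification of Mandatory Access Control Models and Properties},
  journal  = {International Journal of Software Engineering and Knowledge Engineering},
  volume   = {21},
  number   = {1},
  year     = {2011},
  month    = feb,
  pages    = {103--127},
  issn     = {1793-6403},
  doi      = {10.1142/s021819401100513x},
  abstract = {Mandatory access control (MAC) mechanisms control which users or
              processes have access to which resources in a system. MAC
              policies are increasingly specified to facilitate managing and
              maintaining access control. However, the correct specification
              of the policies is a very challenging problem. To formally and
              precisely capture the security properties that MAC should adhere
              to, MAC models are usually written to bridge the rather wide gap
              in abstraction between policies and mechanisms. In this paper,
              we propose a general approach for property verification for MAC
              models. The approach defines a standardized structure for MAC
              models, providing for both property verification and automated
              generation of test cases. The approach expresses MAC models in
              the specification language of a model checker and expresses
              generic access control properties in the property language. Then
              the approach uses the model checker to verify the integrity,
              coverage, and confinement of these properties for the MAC models
              and finally generates test cases via combinatorial covering
              array for the system implementations of the models.},
}

% Detection of unintended access granted when one user holds several roles
% at once (multiple-duty-related leakage) in XACML policies.
% The export typed this conference paper as an article with the proceedings
% name in the journal field; it is an inproceedings entry here.
@inproceedings{hwang_xie_hu_2009,
  author    = {Hwang, JeeHyun and Xie, Tao and Hu, Vincent C.},
  title     = {Detection of Multiple-Duty-Related Security Leakage in Access Control Policies},
  booktitle = {2009 Third {IEEE} International Conference on Secure Software Integration and Reliability Improvement, Proceedings},
  year      = {2009},
  pages     = {65--74},
  isbn      = {978-0-7695-3758-0},
  doi       = {10.1109/ssiri.2009.63},
  abstract  = {Access control mechanisms control which subjects (such as users
               or processes) have access to which resources. To facilitate
               managing access control, policy authors increasingly write
               access control policies in XACML. Access control policies
               written in XACML could be amenable to multiple-duty-related
               security leakage, which grants unauthorized access to a user
               when the user takes multiple duties (e.g., multiple roles in
               role-based access control policies). To help policy authors
               detect multiple-duty-related security leakage, we develop a
               novel framework that analyzes policies and detects cases that
               potentially cause the leakage. In such cases, a user taking
               multiple roles (e.g., both r1 and r2) is given a different
               access decision from the decision given to a user taking an
               individual role (e.g., r1 and r2, respectively). We conduct
               experiments on 11 XACML policies and our empirical results show
               that our framework effectively pinpoints potential
               multiple-duty-related security leakage for policy authors to
               inspect.},
}

% Fault localization for firewall rule sets: narrows and ranks the rules a
% tester has to inspect, using information from failed packet tests.
% The export typed this conference paper as an article with the proceedings
% name in the journal field; it is an inproceedings entry here.
% NOTE(review): the export gave the pages as "100-+" (start page only);
% the end page is unknown -- verify and complete the range.
@inproceedings{hwang_xie_chen_liu_2009,
  author    = {Hwang, JeeHyun and Xie, Tao and Chen, Fei and Liu, Alex X.},
  title     = {Fault Localization for Firewall Policies},
  booktitle = {2009 28th {IEEE} International Symposium on Reliable Distributed Systems, Proceedings},
  year      = {2009},
  pages     = {100},
  isbn      = {978-0-7695-3826-6},
  issn      = {1060-9857},
  doi       = {10.1109/srds.2009.38},
  abstract  = {Firewalls are the mainstay of enterprise security and the most
               widely adopted technology for protecting private networks.
               Ensuring the correctness of firewall policies through testing
               is important. In firewall policy testing, test inputs are
               packets and test outputs are decisions. Packets with unexpected
               (expected) evaluated decisions are classified as failed
               (passed) tests. Given failed tests together with passed tests,
               policy testers need to debug the policy to detect fault
               locations (such as faulty rules). Such a process is often
               time-consuming. To help reduce effort on detecting fault
               locations, we propose an approach to reduce the number of rules
               for inspection based on information collected during evaluating
               failed tests. Our approach ranks the reduced rules to decide
               which rules should be inspected first. We performed experiments
               on applying our approach. The empirical results show that our
               approach can reduce 56\% of rules that are required for
               inspection in fault localization.},
}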