Automatic Test Case Generation for XACML Access Control Policies Using Graph-Based Modeling and Genetic Algorithms
Abstract
XACML (eXtensible Access Control Markup Language) is a widely used standard for defining attribute-based access control (ABAC) policies in cloud and service-oriented systems. However, validating XACML policies is challenging due to their hierarchical structure and flexibility, which often introduce issues such as redundant rules and logical conflicts. Manual test case design is time-consuming and frequently fails to achieve sufficient coverage. To address these challenges, this paper proposes an approach for generating and optimizing test cases from XACML access control policies. We implement this approach as a tool that transforms XACML policies into an XACML Flow Graph (XFG) and systematically derives test cases through graph traversal. A genetic algorithm is then applied to optimize the generated test suite while preserving high coverage. Experimental results on standard XACML policy sets show that the proposed approach significantly reduces test suite size while maintaining effective coverage, making it suitable for practical policy testing and continuous assurance.
Keywords: XACML, Test Case Generation, Graph-Based Modeling, Genetic Algorithm, Policy Verification, ABAC