Testing Approach

Each conformance requirement (R1–R9) includes a Verification section describing the minimum test to confirm compliance. This page provides a structured testing protocol.

Test Matrix

| Req | Test | Expected Result | Level |
|-----|------|-----------------|-------|
| R1 | Submit action matching DENY policy | Action does not execute; denial receipt generated | MUST |
| R1 | Submit action matching DEFER condition | Action suspended; no effects; deferral receipt generated | MUST |
| R1 | Make AARM system unavailable, submit action | Action fails (no fail-open bypass) | MUST |
| R2 | Execute action sequence, inspect context at step N | Policy engine receives all prior actions and data classifications | MUST |
| R2 | Tamper with prior context entry (if hash-chained) | Tampering detected | SHOULD |
| R3 | Submit forbidden action | Immediate DENY regardless of context | MUST |
| R3 | Submit allowed action after sensitive data access (context-dependent deny) | DENY based on context | MUST |
| R3 | Submit denied action with confirming context (context-dependent allow) | STEP_UP or ALLOW | MUST |
| R3 | Submit action with ambiguous/conflicting context (context-dependent defer) | DEFER | MUST |
| R4 | Trigger each of 5 decision types | Correct enforcement: ALLOW executes, DENY blocks, MODIFY transforms, STEP_UP pauses, DEFER suspends | MUST |
| R4 | STEP_UP with no response within timeout | DENY after timeout | MUST |
| R4 | DEFER with no resolution within timeout | DENY after timeout | MUST |
| R5 | Generate receipts for ALLOW, DENY, MODIFY, STEP_UP, DEFER | Requester context, delegation chain (if present), and policy version/hash present per schema | MUST |
| R5 | Verify receipt signature offline | Signature validates | MUST |
| R5 | Tamper with requester context or policy hash in receipt | Signature verification fails | MUST |
| R5 | Verify deferred action receipt | Deferral reason, resolution method, resolution timestamp present | MUST |
| R6 | Submit from different principals and sessions | Receipts correctly attribute identity including role/privilege scope | MUST |
| R6 | Defer action, then resolve | Original identity preserved in resolution receipt | MUST |
| R7 | Execute diverging action sequence exceeding drift threshold | Alert, deferral, or escalation triggered | SHOULD |
| R8 | Configure SIEM export | Events appear with correct schema including DEFER events | SHOULD |
| R9 | Submit read operation | Issued credential cannot perform writes | SHOULD |

Testing Workflow

1. Environment Setup

   Deploy the AARM system under test with a test policy set covering all four action classifications. Configure mock tools that report execution/non-execution.

2. Core Tests (R1–R6)

   Execute all MUST tests. Every test must pass for AARM Core conformance.

3. Extended Tests (R7–R9)

   Execute SHOULD tests. All must pass for AARM Extended conformance.

4. Report

   Document results per requirement. Partial conformance must specify which requirements are satisfied.

Test Policy Set

A reference test policy set covering all classifications:
```yaml
# Forbidden: always deny
- id: test-forbidden
  match: { tool: "database", operation: "drop_table" }
  decision: DENY
  classification: forbidden

# Context-Dependent Deny: allow email, deny after PII access
- id: test-ctx-deny
  match: { tool: "email", operation: "send" }
  condition: context.data_classifications contains "PII"
  decision: DENY
  classification: context_dependent_deny

# Context-Dependent Allow: deny delete, allow with explicit user request
- id: test-ctx-allow
  match: { tool: "database", operation: "delete" }
  condition: context.original_request matches "delete my test data"
  decision: STEP_UP
  classification: context_dependent_allow

# Context-Dependent Defer: high-impact with low confidence
- id: test-ctx-defer
  match: { tool: "credentials", operation: "rotate" }
  condition: context.confidence < 0.5
  decision: DEFER
  classification: context_dependent_defer
```
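
Several R1, R3 and R4 rows of the test matrix, run against the reference policy set above with a mock tool that reports execution. This is an added example, not AARM's own code: `enforce`, `MockTool` and `run_matrix` are hypothetical names, and the condition strings are hand-translated into Python predicates. It assumes that actions matching no rule are allowed and that a missing confidence value counts as low.

```python
# Added illustration: a hypothetical harness, not part of the AARM specification.
# Each rule: (id, tool, operation, condition predicate, decision). The predicates
# are hand-translated from the reference policy set's condition strings.
POLICIES = [
    ("test-forbidden", "database", "drop_table", lambda c: True, "DENY"),
    ("test-ctx-deny", "email", "send",
     lambda c: "PII" in c.get("data_classifications", []), "DENY"),
    ("test-ctx-allow", "database", "delete",
     lambda c: "delete my test data" in c.get("original_request", ""), "STEP_UP"),
    ("test-ctx-defer", "credentials", "rotate",
     lambda c: c.get("confidence", 0.0) < 0.5, "DEFER"),  # missing value = low
]

class MockTool:
    """Records every call so a test can assert execution or non-execution."""
    def __init__(self):
        self.executed = []
    def run(self, tool, operation):
        self.executed.append((tool, operation))

def enforce(tool, operation, ctx, mock, engine_up=True, resolution=None):
    """Decide, then execute only on an effective ALLOW. resolution=None models a
    STEP_UP/DEFER that times out; "approve" models an approval arriving in time."""
    decision, rule = "ALLOW", None  # assumption: actions matching no rule are allowed
    if not engine_up:
        decision = "DENY"           # R1: engine unavailable means fail closed
    else:
        for rid, t, op, cond, d in POLICIES:
            if (t, op) == (tool, operation) and cond(ctx):
                decision, rule = d, rid
                break
    effective = decision
    if decision in ("STEP_UP", "DEFER"):  # R4: unresolved within timeout -> DENY
        effective = "ALLOW" if resolution == "approve" else "DENY"
    if effective == "ALLOW":
        mock.run(tool, operation)
    return {"rule": rule, "decision": decision, "effective": effective}

def run_matrix():
    """Run a subset of the R1/R3/R4 rows; returns {check name: passed}."""
    m, pii, low = MockTool(), {"data_classifications": ["PII"]}, {"confidence": 0.2}
    checks = {
        "R3 forbidden": enforce("database", "drop_table", {}, m)["decision"] == "DENY",
        "R3 ctx deny": enforce("email", "send", pii, m)["decision"] == "DENY",
        "R3 ctx defer": enforce("credentials", "rotate", low, m)["decision"] == "DEFER",
        "R4 defer timeout": enforce("credentials", "rotate", low, m)["effective"] == "DENY",
        "R1 fail closed": enforce("email", "send", {}, m, engine_up=False)["effective"] == "DENY",
    }
    checks["no side effects"] = m.executed == []  # mock tool never ran
    return checks
```

The final check is the one that matters for R1: a correct decision label is not enough unless the mock tool confirms that nothing executed.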