Conformance Checking of Access Control Policies Specified in XACML
- 1 July 2007
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Annual International Computer Software and Applications Conference (COMPSAC)
- Vol. 2 (07303157), 275-280
- https://doi.org/10.1109/compsac.2007.96
Abstract
Access control is one of the most fundamental and widely used security mechanisms. Access control mechanisms control which principals such as users or processes have access to which resources in a system. To facilitate managing and maintaining access control, access control policies are increasingly written in specification languages such as XACML. The specification of access control policies itself is often a challenging problem. Furthermore, XACML is intentionally designed to be generic: it provides the freedom in describing access control policies, which are well-known or invented ones. But the flexibility and expressiveness provided by XACML come at the cost of complexity, verbosity, and lack of desirable-property enforcement. Often common properties for specific access control policies may not be satisfied when these policies are specified in XACML, causing the discrepancy between what the policy authors intend to specify and what the actually specified XACML policies reflect. In this position paper, we propose an approach for conducting conformance checking of access control policies specified in XACML based on existing verification and testing tools for XACML policies.Keywords
This publication has 17 references indexed in Scilit:
- A fault model and mutation testing of access control policiesPublished by Association for Computing Machinery (ACM) ,2007
- Automated Test Generation for Access Control Policies via Change-Impact AnalysisPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2007
- Verification and change-impact analysis of access-control policiesPublished by Association for Computing Machinery (ACM) ,2005
- Policy management using access control spacesACM Transactions on Information and System Security, 2003
- A logical language for expressing authorizationsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- DrScheme: a programming environment for SchemeJournal of Functional Programming, 2002
- A micromodularity mechanismPublished by Association for Computing Machinery (ACM) ,2001
- Conflicts in policy-based distributed systems managementIEEE Transactions on Software Engineering, 1999
- A unified framework for enforcing multiple access control policiesPublished by Association for Computing Machinery (ACM) ,1997
- Hints on Test Data Selection: Help for the Practicing ProgrammerComputer, 1978