Multiple-implementation testing for XACML implementations
TAV-WEB '08 Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications
An XACML extension for business process-centric access control policies
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
An approach to modular and testable security models of real-world health-care applications
Proceedings of the 16th ACM symposium on Access control models and technologies
Formalising and validating RBAC-to-XACML translation using lightweight formal methods
ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z
Policy-driven role-based access management for ad-hoc collaboration
Journal of Computer Security
| Hi-index | 0.00 |
Access control is one of the most fundamental and widely used security mechanisms. Access control mechanisms con- trol which principals such as users or processes have ac- cess to which resources in a system. To facilitate manag- ing and maintaining access control, access control policies are increasingly written in specification languages such as XACML. The specification of access control policies itself is often a challenging problem. Furthermore, XACML is in- tentionally designed to be generic: it provides the freedom in describing access control policies, which are well-known or invented ones. But the flexibility and expressiveness pro- vided by XACML come at the cost of complexity, verbosity, and lack of desirable-property enforcement. Often common properties for specific access control policies may not be satisfied when these policies are specified in XACML, caus- ing the discrepancy between what the policy authors intend to specify and what the actually specified XACML policies reflect. In this position paper, we propose an approach for conducting conformance checking of access control policies specified in XACML based on existing verification and test- ing tools for XACML policies.