XACML Policy Integration Algorithms

Authors:
Pietro Mazzoleni;Bruno Crispo;Swaminathan Sivasubramanian;Elisa Bertino
Affiliations:
University of Milan;Vrije Universiteit, Amsterdam and University of Trento;Vrije Universiteit, Amsterdam;Purdue University
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
2008

Citing 7
Cited 11

Efficient comparison of enterprise privacy policies

Proceedings of the 2004 ACM symposium on Applied computing
First experiences using XACML for access control in distributed systems

Proceedings of the 2003 ACM workshop on XML security
An Introduction to the Web Services Policy Language (WSPL)

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Synthesising verified access control systems in XACML

Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Conflict and combination in privacy policy languages

Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Verification and change-impact analysis of access-control policies

Proceedings of the 27th international conference on Software engineering
Efficient Integration of Fine-grained Access Control in Large-scale Grid Services

SCC '05 Proceedings of the 2005 IEEE International Conference on Services Computing - Volume 01

Towards the development of privacy-aware systems

Information and Software Technology
An attribute-based authorization policy framework with dynamic conflict resolution

Proceedings of the 9th Symposium on Identity and Trust on the Internet
Statistics & clustering based framework for efficient XACML policy evaluation

POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Distributed and secure access control in P2P databases

DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
A semantic privacy-preserving model for data sharing and integration

Proceedings of the International Conference on Web Intelligence, Mining and Semantics
An integrated approach for identity and access management in a SOA context

Proceedings of the 16th ACM symposium on Access control models and technologies
Anomaly discovery and resolution in web access control policies

Proceedings of the 16th ACM symposium on Access control models and technologies
Graph-based XACML evaluation

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Access control for semantic data federations in industrial product-lifecycle management

Computers in Industry
Secure federation of semantic information services

Decision Support Systems
Enforcement of entailment constraints in distributed service-based business processes

Information and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

XACML is the OASIS standard language specifically aimed at the specification of authorization policies. While XACML fits well with the security requirements of a single enterprise (even if large and composed by multiple departments), it does not address the requirements of virtual enterprises in which several autonomous subjects collaborate by sharing their resources to provide better services to customers. In this article we highlight such limitation, and we propose an XACML extension, the policy integration algorithms, to address them. In the article we also present the implementation of a system that makes use of the policy integration algorithms to securely replicate information in a P2P-like environment. In our solution, the data replication process considers the policies specified by both the owners of the data shared and the peers sharing data storage.