The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, while this technological growth brings more convenient services to Internet users, we still suffer from unintended security leakage caused by unauthorized actions in business services. Furthermore, designing and managing Web access control policies is often error-prone due to the lack of effective analysis mechanisms and tools. In this paper, we present an innovative policy anomaly analysis approach for Web access control policies. We focus on XACML (eXtensible Access Control Markup Language) policies, since XACML has become the de facto standard for specifying and enforcing access control policies for various Web-based applications and services. We introduce a policy-based segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions. We also discuss a proof-of-concept implementation of our method, called XAnalyzer, and demonstrate how efficiently our approach can discover and resolve policy anomalies.
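To illustrate the segmentation idea behind the anomaly analysis, the following added example (not XAnalyzer's code, and not the paper's algorithm) partitions a small attribute space into disjoint segments by the set of rules that match each request, then flags segments where rules with different effects overlap (conflicts) and rules that are never the first applicable rule in any segment (redundancies under first-applicable combining). The rule model, the brute-force enumeration of the attribute domain and the sample policy are all assumptions made for the example.

```python
from itertools import product

# Simplified XACML-style rule model (assumed for this example): each rule has
# an id, an effect and a target listing, per attribute, the values it covers.
# Rules are in policy order and first-applicable combining is assumed.
ATTRS = ("subject", "resource", "action")

def matches(rule, request):
    """True when every attribute value of the request is in the rule's target."""
    return all(request[a] in rule["target"][a] for a in ATTRS)

def segment(rules, domain):
    """Partition the request space into disjoint segments keyed by the ordered
    tuple of rules matching every request in that segment (brute force)."""
    segments = {}
    for values in product(*(domain[a] for a in ATTRS)):
        request = dict(zip(ATTRS, values))
        key = tuple(r["id"] for r in rules if matches(r, request))
        segments.setdefault(key, []).append(request)
    return segments

def find_anomalies(rules, domain):
    """Return (conflicting segments, redundant rule ids)."""
    effect = {r["id"]: r["effect"] for r in rules}
    conflicts, effective = [], set()
    for key in segment(rules, domain):
        if not key:
            continue                   # no rule applies: NotApplicable, no anomaly
        if len({effect[i] for i in key}) > 1:
            conflicts.append(key)      # Permit and Deny overlap: combiner must arbitrate
        effective.add(key[0])          # the first-applicable winner for this segment
    redundant = [r["id"] for r in rules if r["id"] not in effective]
    return sorted(conflicts), redundant

# Constructed sample attribute domain and policy (not from the paper).
DOMAIN = {"subject": ["alice", "bob"], "resource": ["doc", "img"],
          "action": ["read", "write"]}
RULES = [
    {"id": "R1", "effect": "Permit",
     "target": {"subject": {"alice"}, "resource": {"doc"}, "action": {"read"}}},
    {"id": "R2", "effect": "Deny",
     "target": {"subject": {"alice", "bob"}, "resource": {"doc"}, "action": {"read", "write"}}},
    {"id": "R3", "effect": "Permit",
     "target": {"subject": {"alice"}, "resource": {"doc"}, "action": {"read", "write"}}},
    {"id": "R4", "effect": "Deny",
     "target": {"subject": {"bob"}, "resource": {"img"}, "action": {"read"}}},
]

if __name__ == "__main__":
    print(find_anomalies(RULES, DOMAIN))  # ([('R1', 'R2', 'R3'), ('R2', 'R3')], ['R3'])
```

R3 is reported as redundant because every request it matches is already decided by R1 or R2 earlier in the policy; a real analyzer would represent segments symbolically rather than enumerating the whole attribute domain.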