We study the international standard XACML 3.0 for describing security access control policies in a compositional way. Our main contributions are (i) to derive a logic that precisely captures the intentions of the standard, (ii) to formally define a semantics for the XACML 3.0 component evaluation, and (iii) to define a semantics for the XACML 3.0 standard combining operators. To guard against modeling artefacts, we provide an alternative lattice-based way of characterizing the policy combining operators, and we formally prove the equivalence of these approaches, thereby increasing our faith in either one. We then discuss several ways of extending XACML: one direction is to extend XACML with new combining operators, and another direction is to incorporate the notion of conflict into XACML. We conclude by discussing the possibility of analysing XACML policies for gaps and conflicts.