Role-Based Access Control Models
Computer
Access control: principles and solutions
Software—Practice & Experience - Special issue: Security software
Optimal implementation of conjunctive queries in relational data bases
STOC '77 Proceedings of the ninth annual ACM symposium on Theory of computing
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Reasoning about XACML policies using CSP
Proceedings of the 2005 workshop on Secure web services
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
Automated Test Generation for Access Control Policies via Change-Impact Analysis
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
On the Decidability of the Safety Problem for Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
XACML Policy Integration Algorithms
ACM Transactions on Information and System Security (TISSEC)
Synthesising verified access control systems through model checking
Journal of Computer Security
Toward practical analysis for trust management policy
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
A DL-based method for access control policy conflict detecting
Proceedings of the First Asia-Pacific Symposium on Internetware
Modelling dynamic access control policies for web-based collaborative systems
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
A service-centric approach to a parameterized RBAC service
ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
Conformance checking of dynamic access control policies
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Defining and measuring policy coverage in testing access control policies
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Formalising and validating RBAC-to-XACML translation using lightweight formal methods
ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z
Evaluating access control policies through model checking
ISC'05 Proceedings of the 8th international conference on Information Security
Formalisation and implementation of the XACML access control mechanism
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Refinement checking for privacy policies
Science of Computer Programming
Formal verification of security properties in trust management policy
Journal of Computer Security
| Hi-index | 0.00 |
The eXtensible Access Control Markup Language (XACML) was proposed by the OASIS committee to be used as a standard language in e-business [6]. However, policy files written in XACML are hard to read and analyse directly. In this paper, we present a tool which generates verified XACML scripts from access control system descriptions in simple but expressive language proposed in [3], which admits algorithmic verification of access control systems against appropriately formalised policies. This allows the generation of XACML scripts for systems that can be formally verified to be implementing the relevant policies.