Alloy: a lightweight object modelling notation
ACM Transactions on Software Engineering and Methodology (TOSEM)
Reasoning About Security: A Logic and a Decision Method for Role-Based Access Control
ECSQARU/FAPR '97 Proceedings of the First International Joint Conference on Qualitative and Quantitative Practical Reasoning
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Reasoning about XACML policies using CSP
Proceedings of the 2005 workshop on Secure web services
A tableaux decision procedure for SHOIQ
IJCAI'05 Proceedings of the 19th international joint conference on Artificial intelligence
Evaluating access control policies through model checking
ISC'05 Proceedings of the 8th international conference on Information Security
Representation and reasoning on RBAC: a description logic approach
ICTAC'05 Proceedings of the Second international conference on Theoretical Aspects of Computing
Trust on the world wide web: a survey
Foundations and Trends in Web Science
Xengine: a fast and scalable XACML policy evaluation engine
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Capturing Semantics for Information Security and Privacy Assurance
UIC '08 Proceedings of the 5th international conference on Ubiquitous Intelligence and Computing
Web Semantics: Science, Services and Agents on the World Wide Web
Web Semantics: Science, Services and Agents on the World Wide Web
Authorization and Obligation Policies in Dynamic Systems
ICLP '08 Proceedings of the 24th International Conference on Logic Programming
Access control policy combining: theory meets practice
Proceedings of the 14th ACM symposium on Access control models and technologies
Supporting RBAC with XACML+OWL
Proceedings of the 14th ACM symposium on Access control models and technologies
An architecture for specification and enforcement of temporal access control constraints using OWL
Proceedings of the 2009 ACM workshop on Secure web services
Visualization for access control policy analysis results using multi-level grids
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Analysis of privacy and security policies
IBM Journal of Research and Development
XACML policy performance evaluation using a flexible load testing framework
Proceedings of the 17th ACM conference on Computer and communications security
Privacy-preserving similarity measurement for access control policies
Proceedings of the 6th ACM workshop on Digital identity management
Scalable and efficient reasoning for enforcing role-based access control
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
EL with default attributes and overriding
ISWC'10 Proceedings of the 9th international semantic web conference on The semantic web - Volume Part I
Anomaly discovery and resolution in web access control policies
Proceedings of the 16th ACM symposium on Access control models and technologies
Refinement of history-based policies
Logic programming, knowledge representation, and nonmonotonic reasoning
An access control language based on term rewriting and description logic
WFLP'10 Proceedings of the 19th international conference on Functional and constraint logic programming
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
DC proposal: knowledge based access control policy specification and enforcement
ISWC'11 Proceedings of the 10th international conference on The semantic web - Volume Part II
Security model oriented attestation on dynamically reconfigurable component-based systems
Journal of Network and Computer Applications
Datalog for security, privacy and trust
Datalog'10 Proceedings of the First international conference on Datalog Reloaded
Transversal policy conflict detection
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Formalisation and implementation of the XACML access control mechanism
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Defeasible inclusions in low-complexity DLs
Journal of Artificial Intelligence Research
A visualization tool for evaluating access control policies in facebook-style social network systems
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Decentralized semantic threat graphs
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Towards model-driven development of access control policies for web applications
Proceedings of the Workshop on Model-Driven Security
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
On the notion of redundancy in access control policies
Proceedings of the 18th ACM symposium on Access control models and technologies
Privacy settings in social networking systems: what you cannot control
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Knowledge-Based Policy Conflict Analysis in Mobile Social Networks
Wireless Personal Communications: An International Journal
Science of Computer Programming
| Hi-index | 0.00 |
XACML has emerged as a popular access control language on the Web, but because of its rich expressiveness, it has proved difficult to analyze in an automated fashion. In this paper, we present a formalization of XACML using description logics (DL), which are a decidable fragment of First-Order logic. This formalization allows us to cover a more expressive subset of XACML than propositional logic-based analysis tools, and in addition we provide a new analysis service (policy redundancy). Also, mapping XACML to description logics allows us to use off-the-shelf DL reasoners for analysis tasks such as policy comparison, verification and querying. We provide empirical evaluation of a policy analysis tool that was implemented on top of open source DL reasoner Pellet.