The logic of XACML

• We derive a logic that precisely captures the intentions of the standard XACML 3.0.
• We formally define semantics for the XACML 3.0 component evaluation.
• We formally define semantics for the XACML 3.0 standard combining operators.
• We provide an alternative way of characterizing the policy combining operators.
• We extend XACML by providing new combining operators and notion of conflict.

We study the international standard XACML 3.0 for describing security access control policies in a compositional way. Our main contributions are (i) to derive a logic that precisely captures the intentions of the standard, (ii) to formally define a semantics for the XACML 3.0 component evaluation, and (iii) to define a semantics for the XACML 3.0 standard combining operators. To guard against modeling artefacts we provide an alternative lattice based way of characterizing the policy combining operators and we formally prove the equivalence of these approaches thereby increasing our faith in either one. We then discuss several ways of extending XACML: one direction is to extend XACML with new combining operators, and another direction is to incorporate the notion of conflict into XACML. We conclude by discussing the possibility of analysing XACML policies for gaps and conflicts.