Article ID: 433369
Journal: Science of Computer Programming
Published Year: 2014
Pages: 26 Pages
File Type: PDF
Abstract

• We derive a logic that precisely captures the intentions of the standard XACML 3.0.
• We formally define semantics for the XACML 3.0 component evaluation.
• We formally define semantics for the XACML 3.0 standard combining operators.
• We provide an alternative way of characterizing the policy combining operators.
• We extend XACML by providing new combining operators and notion of conflict.

We study the international standard XACML 3.0 for describing security access control policies in a compositional way. Our main contributions are (i) to derive a logic that precisely captures the intentions of the standard, (ii) to formally define a semantics for the XACML 3.0 component evaluation, and (iii) to define a semantics for the XACML 3.0 standard combining operators. To guard against modeling artefacts, we provide an alternative lattice-based way of characterizing the policy combining operators, and we formally prove the equivalence of these approaches, thereby increasing our faith in either one. We then discuss several ways of extending XACML: one direction is to extend XACML with new combining operators, and another direction is to incorporate the notion of conflict into XACML. We conclude by discussing the possibility of analysing XACML policies for gaps and conflicts.

Related Topics
Physical Sciences and Engineering > Computer Science > Computational Theory and Mathematics