Formal specification and integration of distributed security policies

We propose in this paper the Security Policy Language (SePL), which is a formal language for capturing and integrating distributed security policies. The syntax of SePL includes several operators for the integration of policies and it is endowed with a denotational semantics that is a generic semantics, i.e., which is independent of any evaluation environment. We prove the completeness of SePL with respect to set theory. Furthermore, we provide a formalization of a large subset of the eXtensible Access Control Markup Language (XACML), which is the well-known standard informal specification language of Web security policies. We also provide a semantics for XACML policy combining algorithms.