Affordable Access

Publisher Website

The logic of XACML

Authors
Journal
Science of Computer Programming
0167-6423
Publisher
Elsevier
Publication Date
Volume
83
Identifiers
DOI: 10.1016/j.scico.2013.05.003
Keywords
  • Access Control
  • Control Systems
  • Xacml 3.0
  • Composition Policies
Disciplines
  • Linguistics

Abstract

Abstract We study the international standard XACML 3.0 for describing security access control policies in a compositional way. Our main contributions are (i) to derive a logic that precisely captures the intentions of the standard, (ii) to formally define a semantics for the XACML 3.0 component evaluation, and (iii) to define a semantics for the XACML 3.0 standard combining operators. To guard against modeling artefacts we provide an alternative lattice based way of characterizing the policy combining operators and we formally prove the equivalence of these approaches thereby increasing our faith in either one. We then discuss several ways of extending XACML: one direction is to extend XACML with new combining operators, and another direction is to incorporate the notion of conflict into XACML. We conclude by discussing the possibility of analysing XACML policies for gaps and conflicts.

There are no comments yet on this publication. Be the first to share your thoughts.

Statistics

Seen <100 times
0 Comments

More articles like this

The logic of XACML

on Science of Computer Programmin...
More articles like this..