Anomaly discovery and resolution in Web access control policies

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

41 Scopus citations

Abstract

The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services while providing more convenient services to Internet users through such a cutting-edge technological growth. Furthermore, designing and managing Web access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly analysis approach for Web access control policies. We focus on XACML (eXtensible Access Control Markup Language) policy since XACML has become the de facto standard for specifying and enforcing access control policies for various Web-based applications and services. We introduce a policy-based segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions. We also discuss a proof-of-concept implementation of our method called XAnalyzer and demonstrate how efficiently our approach can discover and resolve policy anomalies.

Original language: English (US)
Title of host publication: SACMAT'11 - Proceedings of the 16th ACM Symposium on Access Control Models and Technologies
Pages: 165-174
Number of pages: 10
State: Published - 2011
Event: 16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011 - Innsbruck, Austria
Duration: Jun 15 2011 to Jun 17 2011

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference: 16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011
Country/Territory: Austria
City: Innsbruck
Period: 6/15/11 to 6/17/11

Keywords

  • Access control policies
  • Anomaly management
  • XACML

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems
