TY - GEN
T1 - Anomaly discovery and resolution in Web access control policies
AU - Hu, Hongxin
AU - Ahn, Gail-Joon
AU - Kulkarni, Ketan
PY - 2011
Y1 - 2011
N2 - The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services while providing more convenient services to Internet users through such cutting-edge technological growth. Furthermore, designing and managing Web access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this paper, we present an innovative policy anomaly analysis approach for Web access control policies. We focus on XACML (eXtensible Access Control Markup Language) policy since XACML has become the de facto standard for specifying and enforcing access control policies for various Web-based applications and services. We introduce a policy-based segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions. We also discuss a proof-of-concept implementation of our method called XAnalyzer and demonstrate how efficiently our approach can discover and resolve policy anomalies.
AB - The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services while providing more convenient services to Internet users through such cutting-edge technological growth. Furthermore, designing and managing Web access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this paper, we present an innovative policy anomaly analysis approach for Web access control policies. We focus on XACML (eXtensible Access Control Markup Language) policy since XACML has become the de facto standard for specifying and enforcing access control policies for various Web-based applications and services. We introduce a policy-based segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions. We also discuss a proof-of-concept implementation of our method called XAnalyzer and demonstrate how efficiently our approach can discover and resolve policy anomalies.
KW - Access control policies
KW - Anomaly management
KW - XACML
UR - http://www.scopus.com/inward/record.url?scp=79960152755&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79960152755&partnerID=8YFLogxK
U2 - 10.1145/1998441.1998472
DO - 10.1145/1998441.1998472
M3 - Conference contribution
AN - SCOPUS:79960152755
SN - 9781450307215
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 165
EP - 174
BT - SACMAT'11 - Proceedings of the 16th ACM Symposium on Access Control Models and Technologies
T2 - 16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011
Y2 - 15 June 2011 through 17 June 2011
ER -