Automated reasoning about XACML 3.0 delegation using answer set programming

Joohyung Lee, Yi Wang, Yu Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

XACML is an XML-based declarative access control language standardized by OASIS. Its latest version 3.0 has several new features including the concept of delegation for decentralized administration of access control. Though it is important to avoid unintended consequences of ill-designed policies, delegation makes formal analysis of XACML policies highly complicated. In this paper, we present a logic-based approach to XACML 3.0 policy analysis. We formulate XACML 3.0 in Answer Set Programming (ASP) and use ASP solvers to perform automated reasoning about XACML policies. To the best of our knowledge this is the first work that fully captures the XACML delegation model in a formal executable language.

Original languageEnglish (US)
Title of host publicationCEUR Workshop Proceedings
PublisherCEUR-WS
Volume1433
StatePublished - 2015
Event31st International Conference on Logic Programming, ICLP 2015 - Cork, Ireland
Duration: Aug 31 2015Sep 4 2015

Other

Other31st International Conference on Logic Programming, ICLP 2015
CountryIreland
CityCork
Period8/31/159/4/15

Keywords

  • Answer set programming
  • Delegation
  • Policy
  • XACML

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint Dive into the research topics of 'Automated reasoning about XACML 3.0 delegation using answer set programming'. Together they form a unique fingerprint.

Cite this