Discovery and resolution of anomalies in web access control policies

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni

Research output: Contribution to journal › Article

34 Scopus citations

Abstract

Emerging computing technologies such as web services, service-oriented architecture, and cloud computing have enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services while providing more convenient services to Internet users through such cutting-edge technological growth. Furthermore, designing and managing web access control policies is often error-prone due to the lack of effective analysis mechanisms and tools. In this paper, we present an innovative policy anomaly analysis approach for web access control policies, focusing on Extensible Access Control Markup Language (XACML) policy. We introduce a policy-based segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions, along with an intuitive visualization representation of analysis results. We also discuss a proof-of-concept implementation of our method called XAnalyzer and demonstrate how our approach can efficiently discover and resolve policy anomalies.

Original language: English (US)
Article number: 6482139
Pages (from-to): 341-354
Number of pages: 14
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 10
Issue number: 6
State: Published - Jan 1 2013

Keywords

  • Access control policies
  • Conflict
  • Discovery and resolution
  • Redundancy
  • XACML

ASJC Scopus subject areas

  • Electrical and Electronic Engineering