Discovery and resolution of anomalies in web access control policies

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni

Research output: Contribution to journal › Article

31 Citations (Scopus)

Abstract

Emerging computing technologies such as web services, service-oriented architecture, and cloud computing have enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services while providing more convenient services to Internet users through such cutting-edge technological growth. Furthermore, designing and managing web access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly analysis approach for web access control policies, focusing on extensible access control markup language policy. We introduce a policy-based segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions, along with an intuitive visualization representation of analysis results. We also discuss a proof-of-concept implementation of our method called XAnalyzer and demonstrate how our approach can efficiently discover and resolve policy anomalies.

Original language: English (US)
Article number: 6482139
Pages (from-to): 341-354
Number of pages: 14
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 10
Issue number: 6
DOI: 10.1109/TDSC.2013.18
State: Published - Nov 2013

Fingerprint

Access control
World Wide Web
Markup languages
Service oriented architecture (SOA)
Cloud computing
Web services
Industry
Visualization
Internet

Keywords

  • Access control policies
  • Conflict
  • Discovery and resolution
  • Redundancy
  • XACML

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Discovery and resolution of anomalies in web access control policies. / Hu, Hongxin; Ahn, Gail-Joon; Kulkarni, Ketan.

In: IEEE Transactions on Dependable and Secure Computing, Vol. 10, No. 6, 6482139, 11.2013, p. 341-354.

@article{98e47c219fb24e85985e4e8c281664d0,
title = "Discovery and resolution of anomalies in web access control policies",
keywords = "Access control policies, Conflict, Discovery and resolution, Redundancy, XACML",
author = "Hongxin Hu and Gail-Joon Ahn and Ketan Kulkarni",
year = "2013",
month = "11",
doi = "10.1109/TDSC.2013.18",
language = "English (US)",
volume = "10",
pages = "341--354",
journal = "IEEE Transactions on Dependable and Secure Computing",
issn = "1545-5971",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "6",

}
