Representing and reasoning about web access control policies

Gail-Joon Ahn, Hongxin Hu, Joohyung Lee, Yunsong Meng

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

49 Scopus citations

Abstract

The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, while providing more convenient services to Internet users through such cutting-edge technological growth, we still suffer from unintended security leakages caused by unauthorized services. Furthermore, designing and managing Web access control policies is often error-prone due to the lack of a logical and formal foundation. In this paper, we introduce a logic-based policy management approach for Web access control policies, focusing especially on XACML (eXtensible Access Control Markup Language) policies, which have become the de facto standard for specifying and enforcing access control policies for various applications and services in current Web-based computing technologies. Our approach adopts Answer Set Programming (ASP) to formulate XACML, which allows us to leverage the features of ASP solvers in performing various logical reasoning and analysis tasks such as policy verification, comparison, and querying. In addition, we propose a policy analysis method that helps identify policy violations in XACML policies, accommodating the notion of constraints in role-based access control (RBAC). We also discuss a proof-of-concept implementation of our method, called XACML2ASP, together with an evaluation of several XACML policies from real-world software systems.

Original language: English (US)
Title of host publication: Proceedings - 34th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2010
Publisher: IEEE Computer Society
Pages: 137-146
Number of pages: 10
ISBN (Print): 9780769540856
DOIs
State: Published - 2010

Publication series

Name: Proceedings - International Computer Software and Applications Conference
ISSN (Print): 0730-3157

Keywords

  • Answer set programming
  • Role-based access control
  • XACML

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
