Representing and reasoning about web access control policies

Gail-Joon Ahn, Hongxin Hu, Joohyung Lee, Yunsong Meng

Research output: Chapter in Book/Report/Conference proceedingConference contribution

41 Scopus citations

Abstract

The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized services while providing more convenient services to Internet users through such a cutting-edge technological growth. Furthermore, designing and managing Web access control policies are often error-prone due to the lack of logical and formal foundation. In this paper, we attempt to introduce a logic-based policy management approach for Web access control policies especially focusing on XACML (eXtensible Access Control Markup Language) policies, which have become the de facto standard for specifying and enforcing access control policies for various applications and services in currentWeb-based computing technologies. Our approach adopts Answer Set Programming (ASP) to formulate XACML that allows us to leverage the features of ASP solvers in performing various logical reasoning and analysis tasks such as policy verification, comparison and querying. In addition, we propose a policy analysis method that helps identify policy violations in XACML policies accommodating the notion of constraints in role-based access control (RBAC). We also discuss a proof-of-concept implementation of our method called XACML2ASP with the evaluation of several XACML policies from real-world software systems.

Original languageEnglish (US)
Title of host publicationProceedings - 34th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2010
Pages137-146
Number of pages10
DOIs
StatePublished - 2010
Event34th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2010 - Seoul, Korea, Republic of
Duration: Jul 19 2010Jul 23 2020

Publication series

NameProceedings - International Computer Software and Applications Conference
ISSN (Print)0730-3157

Other

Other34th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2010
CountryKorea, Republic of
CitySeoul
Period7/19/107/23/20

Keywords

  • Answer set programming
  • Role-based access control
  • XACML

ASJC Scopus subject areas

  • Software
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Representing and reasoning about web access control policies'. Together they form a unique fingerprint.

  • Cite this

    Ahn, G-J., Hu, H., Lee, J., & Meng, Y. (2010). Representing and reasoning about web access control policies. In Proceedings - 34th Annual IEEE International Computer Software and Applications Conference, COMPSAC 2010 (pp. 137-146). [5676253] (Proceedings - International Computer Software and Applications Conference). https://doi.org/10.1109/COMPSAC.2010.20