Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Engineering Secure Software and Systems

ESSoS 2015: Engineering Secure Software and Systems pp 196–210Cite as

Improving Reuse of Attribute-Based Access Control Policies Using Policy Templates

  • Conference paper

  • 1339 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8978))

Abstract

Access control is key to limiting the actions of users in an application and attribute-based policy languages such as XACML allow to express a wide range of access rules. As these policy languages become more widely used, policies grow both in size and complexity. Modularity and reuse are key to specifying and managing such policies effectively. Ideally, complex or domain-specific policy patterns are defined once and afterwards instantiated by security experts in their application-specific policies. However, current policy languages such as XACML provide only limited features for modularity and reuse. To address this issue, we introduce policy templates as part of a novel attribute-based policy language called STAPL. Policy templates are policies containing unbound variables that can be specified when instantiating the template in another policy later on. STAPL supports four types of policy templates with increasing complexity and expressiveness. This paper illustrates how these policy templates can be used to define reusable policy patterns and validates that policy templates are an effective means to simplify the specification of large and complex attribute-based policies.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. eXtensible Access Control Markup Language (XACML) Version 3.0. OASIS Standard (2013)

    Google Scholar 

  2. Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An algebra for composing access control policies. ACM Trans. Inf. Syst. Secur. 5(1) (February 2002)

    Google Scholar 

  3. Casassa Mont, M., Baldwin, A., Goh, C.: Power prototype: towards integrated policy-based management. In: IEEE/IFIP Network Operations and Management Symposium (2000)

    Google Scholar 

  4. Crampton, J., Huth, M.: An authorization framework resilient to policy evaluation failures. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 472–487. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  5. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder policy specification language. IEEE POLICY (2001)

    Google Scholar 

  6. Decat, M., Lagaisse, B., Joosen, W.: Middleware for efficient and confidentiality-aware federation of access control policies. Journal of Internet Services and Applications (2014)

    Google Scholar 

  7. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. TISSEC (2001)

    Google Scholar 

  8. Giambiagi, P., Rissanen, E., Nair, S.: Axiomatics Language for Authorization (ALFA). In: Announced to be Standardized as XACML Profile (April 2014)

    Google Scholar 

  9. Giuri, L., Iglio, P.: Role templates for content-based access control. ACM RBAC (1997)

    Google Scholar 

  10. Hu, V., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K.: Guide to Attribute Based Access Control (ABAC) Definition and Considerations. NIST Special Publication (2014)

    Google Scholar 

  11. Jin, X., Krishnan, R., Sandhu, R.: A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  12. Li, N., Wang, Q., Qardaji, W., Bertino, E., Rao, P., Lobo, J., Lin, D.: Access control policy combining: Theory meets practice. ACM SACMAT (2009)

    Google Scholar 

  13. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust-management framework. IEEE Security and Privacy (2002)

    Google Scholar 

  14. Parnas, D.L.: On the criteria to be used in decomposing systems into modules. Communications of the ACM 15(12), 1053–1058 (1972)

    Article  Google Scholar 

  15. Samarati, P., de Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  16. Sandhu, R.: The authorization leap from rights to attributes: Maturation or chaos? In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, SACMAT 2012. ACM (2012)

    Google Scholar 

  17. Wies, R.: Using a classification of management policies for policy specification and policy transformation. In: Integrated Network Management IV, pp. 44–56. Springer (1995)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. iMinds-DistriNet, KU Leuven, 3001, Leuven, Belgium

    Maarten Decat, Jasper Moeys, Bert Lagaisse & Wouter Joosen

Authors
  1. Maarten Decat
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jasper Moeys
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bert Lagaisse
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wouter Joosen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. iMinds-DistriNet, KU Leuven, Belgium

    Frank Piessens

  2. IMDEA Software Institute, Campus de Montegancedo S/N, 28223, Pozuelo de Alarcón, Spain

    Juan Caballero

  3. Inria Sophia Antipolis – Mediterranee, 2004 route des Lucioles, B.P. 93, 06902, Sophia Antipolis Cedex, France

    Nataliia Bielova

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Decat, M., Moeys, J., Lagaisse, B., Joosen, W. (2015). Improving Reuse of Attribute-Based Access Control Policies Using Policy Templates. In: Piessens, F., Caballero, J., Bielova, N. (eds) Engineering Secure Software and Systems. ESSoS 2015. Lecture Notes in Computer Science, vol 8978. Springer, Cham. https://doi.org/10.1007/978-3-319-15618-7_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-15618-7_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15617-0

  • Online ISBN: 978-3-319-15618-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation