Advertisement

The Logic of XACML

  • Carroline Dewi Puspa Kencana Ramli
  • Hanne Riis Nielson
  • Flemming Nielson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7253)

Abstract

We study the international standard XACML 3.0 for describing security access control policy in a compositional way. Our main contribution is to derive a logic that precisely captures the idea behind the standard and to formally define the semantics of the policy combining algorithms of XACML. To guard against modelling artefacts we provide an alternative way of characterizing the policy combining algorithms and we formally prove the equivalence of these approaches. This allows us to pinpoint the shortcoming of previous approaches to formalization based either on Belnap logic or on \(\mathcal{D}\)-algebra.

Keywords

Access Control Description Logic First Order Logic Access Control Policy Combine Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    eXtensible Access Control Markup Language (XACML), http://xml.coverpages.org/xacml.html
  2. 2.
    XML 1.0 specification. w3.org, http://www.w3.org/TR/xml/; (retrieved August 22, 2010)
  3. 3.
    Ahn, G.-J., Hu, H., Lee, J., Meng, Y.: Reasoning about xacml policy descriptions in answer set programming (preliminary report). In: 13th International Workshop on Nonmonotonic Reasoning, NMR 2010 (2010)Google Scholar
  4. 4.
    Belnap, N.D.: A useful four-valued logic. In: Epstein, G., Dunn, J.M. (eds.) Modern Uses of Multiple-Valued Logic, pp. 8–37. D. Reidel, Dordrecht (1977)Google Scholar
  5. 5.
    Bruns, G., Dantas, D.S., Huth, M.: A simple and expressive semantic framework for policy composition in access control. In: Proceedings of the 2007 ACM Workshop on Formal Methods in Security Engineering, FMSE 2007, pp. 12–21. ACM, New York (2007)CrossRefGoogle Scholar
  6. 6.
    Bruns, G., Huth, M.: Access-control via belnap logic: Effective and efficient composition and analysis. In: 21st IEEE Computer Security Foundations Symposium (June 2008)Google Scholar
  7. 7.
    Evered, M., Bögeholz, S.: A case study in access control requirements for a health information systems. In: Proceedings of the Second Workshop on Australasian Information Security, Data Mining and Web Intelligence, and Software Internationalisation, ACSW Frontiers 2004, vol. 32, pp. 53–61. Australian Computer Society, Inc., Darlinghurst (2004)Google Scholar
  8. 8.
    Halpern, J.Y., Weissman, V.: Using first-order logic to reason about policies. ACM Transaction on Information and System Security (TISSEC) 11(4), 1–41 (2008)CrossRefGoogle Scholar
  9. 9.
    Hankin, C., Nielson, F., Nielson, H.R.: Advice from belnap policies. In: Computer Security Foundations Symposium, pp. 234–247. IEEE (2009)Google Scholar
  10. 10.
    Kolovski, V., Hendler, J.: Xacml policy analysis using description logics. In: Proceedings of the 15th International World Wide Web Conference, WWW (2007)Google Scholar
  11. 11.
    Kolovski, V., Hendler, J., Parsia, B.: Formalizing xacml using defeasible description logics. In: Proceedings of the 15th International World Wide Web Conference, WWW (2007)Google Scholar
  12. 12.
    Moses, T.: eXtensible Access Control Markup Language (XACML) version 2.0. Technical report. OASIS (August 2010), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
  13. 13.
    Ni, Q., Bertino, E., Lobo, J.: D-algebra for composing access control policy decisions. In: ASIACCS 2009: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 298–309. ACM, New York (2009)Google Scholar
  14. 14.
    Rissanen, E.: eXtensible Access Control Markup Language (XACML) version 3.0 (committe specification 01). Technical report. OASIS (August 2010), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cd-03-en.pdf

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Carroline Dewi Puspa Kencana Ramli
    • 1
  • Hanne Riis Nielson
    • 1
  • Flemming Nielson
    • 1
  1. 1.Department of Informatics and Mathematical ModellingDanmarks Tekniske Universitet LyngbyDenmark

Personalised recommendations