The Logic of XACML

  • Conference paper
Formal Aspects of Component Software (FACS 2011)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 7253)

Abstract

We study the international standard XACML 3.0 for describing security access control policy in a compositional way. Our main contribution is to derive a logic that precisely captures the idea behind the standard and to formally define the semantics of the policy combining algorithms of XACML. To guard against modelling artefacts we provide an alternative way of characterizing the policy combining algorithms and we formally prove the equivalence of these approaches. This allows us to pinpoint the shortcoming of previous approaches to formalization based either on Belnap logic or on \(\mathcal{D}\)-algebra.

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kencana Ramli, C.D.P., Nielson, H.R., Nielson, F. (2012). The Logic of XACML. In: Arbab, F., Ölveczky, P.C. (eds) Formal Aspects of Component Software. FACS 2011. Lecture Notes in Computer Science, vol 7253. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35743-5_13

  • DOI: https://doi.org/10.1007/978-3-642-35743-5_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35742-8

  • Online ISBN: 978-3-642-35743-5

  • eBook Packages: Computer Science, Computer Science (R0)
