A Policy Validation Framework for Enterprise Authorization Specification
نویسنده
چکیده
The validation of enterprise authorization specification for conformance to enterprise security policies requires an out-of-band framework in many situations since the enforcing access control mechanism does not provide this feature. In this paper we describe one such framework. The framework uses XML to encode the enterprise authorization specification, XML Schema to specify the underlying access control model (which in our case is the Role-based Access control Model (RBAC)) and Schematron language to encode the policy constraints. The conformance of the XML-encoded enterprise authorization specification to the structure of the RBAC model (specified through XML Schema) as well as the policy constaints (specified through Schematron) are verified through a Schematron Validator tool.
منابع مشابه
Formal Specification and Validation of Security Policies
We propose a formal framework for the specification and validation of security policies. To model a secured system, the evolution of security information in the system is described by transitions triggered by authorization requests and the policy is given by a set of rules describing the way the corresponding decisions are taken. Policy rules are constrained rewrite rules whose constraints are ...
متن کاملSpecification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints
The effectiveness of an enterprise access control framework depends upon the integrity of the various components or the building blocks used in that framework. The essential components of that framework are: (a) an Enterprise Access Control Model (b) a Validation mechanism to verify the enterprise access control data developed based on that model, for conformance to the model as well as domain-...
متن کاملLogic Based Authorization Policy Engineering
This paper presents an engineering process for authorization policy development. This process includes formal specification, verification, testing and integration. A general architecture along with supporting toolset is described. In addition, a practical solution based on logic programming is further discussed. Finally, an example demonstrating the application of the methodology is provided.
متن کاملDepartment of Computer Science and Engineering
Role-Based Access Control (RBAC) has proven as a cost effective as well as a practical solution for authorization management in large enterprises. In the recent past, RBAC has been widely explored and there have been several extensions to it. Current systems do not enforce standard RBAC features and its extensions in a seamless way, which is essential to make RBAC even better-suited for a wide ...
متن کاملRule-based Specification and Analysis of Security Policies
We propose a formal framework for the specification and validation of security policies. A security policy responds to the authorisation requests of a system according to a certain number of rules and to the configuration of the system at the moment of the request. A system constrained by a security policy consists of two parts: on one hand, the set of rules describing the way the decisions are...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2003