Analysis and Verification of XACML Policies in a Medical Cloud Environment

Authors

  • Meryeme Ayache
  • Mohammed Erradi
  • Ahmed Khoumsi
  • Bernd Freisleben
Abstract

The connectivity of devices, machines and people via Cloud infrastructure can support collaborations among doctors and specialists from different medical organisations. Such collaborations may lead to data sharing and joint tasks and activities. Hence, the collaborating organisations are responsible for managing and protecting data they share. Therefore, they should define a set of access control policies regulating the exchange of data they own. However, existing Cloud services do not offer tools to analyse these policies. In this paper, we propose a Cloud Policy Verification Service (CPVS) for the analysis and the verification of access control policies specified using XACML. The analysis process detects anomalies at two policy levels: a) intra-policy: detects discrepancies between rules within a single security policy (conflicting rules and redundancies), and b) inter-policies: detects anomalies between several security policies such as inconsistency and similarity. The verification process consists of verifying the completeness property, which guarantees that each access request is either accepted or denied by the access control policy. In order to demonstrate the efficiency of our method, we also provide the time and space complexities. Finally, we present the implementation of our method and demonstrate how efficiently our approach can detect policy anomalies.

Similar resources

Reasoning about XACML Policy Descriptions in Answer Set Programming (Preliminary Report)

The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized services while providing more convenient services to Internet users through such a cutting-edge technological growth. Furthermore, desig...


A Cloud-based Resource and Service Sharing Platform for Computer and Network Security Education

1. Automated Reasoning about Web Access Control Policies via Answer Set Programming. Gail-Joon Ahn*, Joohyung Lee*, Hongxin Hu and Yunsong Meng. Summary: We introduce a logic-based policy management approach for XACML (eXtensible Access Control Markup Language), which has become the de facto standard for specifying and enforcing access control policies for various applications and services in curr...


Automated Verification of XACML Policies Using a SAT Solver

Web-based software systems are increasingly used for accessing and manipulating sensitive information. Managing access control policies in such systems can be challenging and error-prone, especially when multiple access policies are combined to form new policies, possibly introducing unintended consequences. In this paper, we present a framework for automated verification of access control poli...


Automated Verification of Access Control Policies

Managing access control policies in modern computer systems can be challenging and error-prone, especially when multiple access policies are combined to form new policies, possibly introducing unintended consequences. In this paper we present a framework for automated verification of access control policies. We introduce a formal model for systematically specifying access to resources. We show ...


VM Consolidation by using Selection and Placement of VMs in Cloud Datacenters

The Cloud Computing model leverages virtualization of computing resources allowing customers to provision resources on-demand on a pay-as-you-go basis. During recent years, the power consumption of datacenters in cloud environment attracted researchers. Optimization of energy consumption can be performed by different methods including virtual machine (VM) consolidation. This technique can reduc...



Journal title:
  • Scalable Computing: Practice and Experience

Volume 17  Issue 

Pages  -

Publication date 2016