A Rewriting System for the Assessment of XACML Policies Similarity
Authors
Abstract
We propose in this paper a policies similarity approach which is performed in three steps. The first step is concerned with the formalization of a XACML policy as a term in a boolean algebra while taking into account the policy and rule combining algorithms. This formalization is based on Security Policy Language (SePL) which was proposed in a previous work. In the second step, the SePL term is transformed into a term in a boolean ring. In the third step, the two policy terms, which are derived from the previous step, are the input to a rewriting system to conclude which kind of relation exists between these security policies such as equivalence, restriction, inclusion, and divergence. We provide a case study of our approach based on real XACML policies and also an empirical evaluation of its performance.
Similar resources
Modular Access Control Via Strategic Rewriting
Security policies, in particular access control, are fundamental elements of computer security. We address the problem of authoring and analyzing policies in a modular way using techniques developed in the field of term rewriting, focusing especially on the use of rewriting strategies. Term rewriting supports a formalization of access control with a clear declarative semantics based on equation...
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
XACML and Risk-Aware Access Control
Over the last few years there has been a rapid development of technologies such as ubiquitous computing and distributed multi-agent systems. As a consequence an increasing need to share information securely in a distributed dynamic environment has arisen. Risk-aware access control (RAAC) has recently shown promise as an approach to addressing this need of flexible and dynamical access control r...
EXAM-S: an Analysis tool for Multi-Domain Policy Sets
As distributed collaborative applications and architectures are adopting policy based management for tasks such as access control, network security and data privacy, the management and consolidation of a large number of policies is becoming a crucial component of such policy based systems. In large-scale distributed collaborative applications like web services, there is the need of analyzing po...
Policy Management in a Distributed Computing Environment
Management of the security of resources owned by an organization has increasingly moved to policy-based systems. Using a common policy management mechanism allows the modification of the policies without rewriting the underlying management system. This is especially prevalent in large scale systems such as grid computing, peer-to-peer systems, cluster computing, and other forms of distributing ...
Journal title:
- CoRR
Volume abs/1605.05887 Issue
Pages -
Publication date 2016