Conformance checking of access control policies specified in XACML

Proceedings - International Computer Software and Applications Conference

Volumn 2, Issue , 2007, Pages 275-280

  Hu, Vincent C ^a   Martin, Evan ^b   Hwang, JeeHyun ^b   Xie, Tao ^b  

^a NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY   (United States)

^b North Carolina State University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL COMPLEXITY; COMPUTER AIDED SOFTWARE ENGINEERING; COMPUTER PROGRAMMING LANGUAGES; MODEL CHECKING; RESOURCE ALLOCATION;

ACCESS CONTROL POLICIES; SECURITY MECHANISMS; XACML;

ACCESS CONTROL;

EID: 37349091904     PISSN: 07303157     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COMPSAC.2007.96     Document Type: Conference Paper

References (29)

1. National Computer Security Center. A guide to understanding discretionary access control in trusted systems, Report NCSC-TG-003, Version 1, 30 September 1987.
2. OASIS eXtensible Access Control Markup Language (XACML). http://www.oasis-open.org/committees/xacml/, 2005.
3. OASIS Security Assertion Markup Language (SAML). http://www.oasis-open. org/committees/ security/, 2005.
4. Sun's XACML implementation. http://sunxacml.sourceforge.net/, 2005.
5. A. Anderson. XACML profile for role based access control (RBAC). OASIS Committee Draft 01, February 2004.
6. D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundations, 1973. MITRE Corporation.
7. P. Bonatti, S. Vimercati, and P. Samarati. A modular approach to composing access control policies. In Proc. ACM Conference on Computer and Communication Security, pages 164-173, November 2000.
8. D. F. C. Brewer and M. J. Nash. The Chinese wall security policy. In Proc. IEEE Symposium on Security and Privacy, pages 206-214, 1989.
9. E. Clarke, M. Fujita, P. McGeer, J. Yang, and X. Zhao. Multi-terminal binary decision diagrams: An efficient data structure for matrix representation. In Proc. International Workshop on Logic Synthesis, 1993.
10. N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder policy specification language. In Proc. International Workshop on Policies for Distributed Systems and Networks, pages 18-38, 2001.
11. R. A. DeMillo, R. J. Lipton, and F. G. Sayward. Hints on test data selection: Help for the practicing programmer. IEEE Computer, 11(4):34-41, April 1978.
12. D. Ferraiolo and R. Kuhn. Role based access control. In Proc. 15th NIST-NCSC National Computer Security Conference, pages 554-563, 1992.
13. R. B. Findler, J. Clements, M. F. Cormac Flanagan, S. Krishnamurthi, P. Steckler, and M. Felleisen. DrScheme: A Progamming Environment for Scheme. Journal of Functional Programming, 12(2): 159-182, March 2002.
14. K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz. Verification and change-impact analysis of access-control policies. In Proc. 27th International Conference on Software Engineering, pages 196-205, 2005.
15. V. C. Hu, D. F. Ferraiolo, and D. R. Kuhn. Assessment of access control systems. Interagency Report 7316, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, September 2006.
16. D. Jackson, I. Shlyakhter, and M. Sridharan. A micromodularity mechanism. In Proc. 8th ESEC/FSE, pages 62-73, 2001.
17. T. Jaeger, X. Zhang, and F. Cacheda. Policy management using access control spaces. ACM Transactions on Information and System Security, 6(3), 2003.
18. S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proc. 1997 IEEE Symposium on Security and Privacy, pages 31-42, 1997.
19. S. Jajodia, P. Samarati, V. S. Subrahmanian, and E. Bertino. A unified framework for enforcing multiple access control policies. In Proc. ACM SIGMOD International Conference on Management of Data, pages 474-485, 1997.
20. M. Kudo and S. Hada. XML document security based on privisional authorization. In Proc. ACM Conference on Computer and Communication Security, pages 87-96, November 2000.
21. E. C. Lupu and M. Sloman. Conflict in policy-based distributed systems management. IEEE Transaction on Software Engineering, 25(6):852-869, 1999.
22. E. Martin and T. Xie. Automated test generation for access control policies. In Supplemental Proc. 17th IEEE International Conference on Software Reliability Engineering, November 2006.
23. E. Martin and T. Xie. Automated test generation for access control policies via change-impact analysis. In Proc. 3rd International Workshop on Software Engineering for Secure Systems, May 2007.
24. E. Martin and T. Xie. A fault model and mutation testing of access control policies. In Proc. 16th International Conference on World Wide Web, May 2007.
25. E. Martin, T. Xie, and T. Yu. Defining and measuring policy coverage in testing access control policies. In Proc. 8th International Conference on Information and Communications Security, pages 139-158, December 2006.
26. M. Naedele. Standards for XML and web services security. Computer, 36(4):96-98, 2003.
27. F. Somenzi. CUDD: CU Decision Diagram Package Release, 1998.
28. N. Zhang, M. Ryan, and D. P. Guelev. Synthesising verified access control systems in XACML. In Proc. 2004 ACM Workshop on Formal Methods in Security Engineering, pages 56-65, 2004.
29. N. Zhang, M. Ryan, and D. P. Guelev. Evaluating access control policies through model checking. In Proc. 8th International Conference on Information Security, pages 446-460, September 2005.