Implementing ACL-based policies in XACML

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2008, Pages 183-192

  Karjoth, Günter ^a   Schade, Andreas ^a   Van Herreweghen, Els ^a  

^a IBM RESEARCH ZURICH   (Switzerland)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS-CONTROL SYSTEMS; DECISION ENGINES; DECISION LOGIC; EXCHANGE MECHANISMS; NON-TRIVIAL TASKS; POLICY LANGUAGES; VERIFICATION TOOLS;

COMPUTER APPLICATIONS; LEGACY SYSTEMS; LINGUISTICS; MANAGEMENT INFORMATION SYSTEMS; MANAGERS; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 60649096270     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2008.31     Document Type: Conference Paper

References (14)

1. A. Anderson. XACML J2SE[TM] Platform Policy Profile. Version: 1.28 Updated: 03/07/21 (yy/mm/dd) research.sun.com/projects/xacml/J2SEPolicyProvider. html
2. A. Anderson (Ed.). Hierarchical Resource Profile of XACML v2.0. OASIS Standard, Feb. 2005. docs.oasis-open.org/access-control-hier-profile-2.0-spec- os.pdf.
3. S. Burri. PAC to XACML - translating IBM WebSphere Portal Server's access control model to standard model XACML. Semester-arbeit, ETH Zurich, 2007. www.infsec.ethz.ch/people/burrisa/PACtoXACML.pdf.
4. K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M.C. Tschantz. Verification and change impact-analysis of access-control policies. In 27th International Conference on Software Engineering ICSE '05, pages 196-205. ACM Press, 2005.
5. C. Giblin, S. Hada, G. Karjoth, A. Schade, Y. Sodha and E. Van Herreweghen. Separation of Duties and Entitlement Analyzer for Tivoli Access Manager. IBM alphaWorks, 2008. http://www.alphaworks.ibm.com/tech/sod4tam
6. S. Godik and T. Moses (Eds.). eXtensible Access Control Markup Language (XACML). Version 2.0, OASIS Standard, Feb. 2005.
7. G. Karjoth. Authorization in CORBA security. Journal of Computer Security, 8(2/3):89-108, 2000.
8. G. Karjoth. Access control with IBM Tivoli Access Manager. ACM Transactions on Information and System Security, 6(2):232-257, 2003.
9. M. Kudo and S. Hada. XML document security based on provisional authorization. In ACM Conference on Computer and Communications Security, pages 87-96. ACM Press, 2000.
10. A. X. Liu, F. Chen, J. Hwang, and T. Xie. Xengine: A fast and scalable XACML policy evaluation engine. In Measurement and Modeling of Computer Systems (SIGMETRICS 2008). ACM Press, 2008.
11. J. Pato. DCE Access Control Lists (ACL's). OSF DCE Specifications, 1990.
12. IBM Tivoli Access Manager - Administrator's Guide, 2008. Version 6.1. publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itame.doc/ am61-admin.pdf.
13. The Open Group. Authorization (AZN) API. Open Group Technical Standard C908, Jan. 2000.
14. C. Wolter, A. Schaad, and C. Meinel. Deriving XACML policies from business process models. In M. Weske, M.-S. Hacid, and C. Godart, editors, Web Information Systems Engineering (WISE 2007), Lecture Notes in Computer Science #4832, pages 142-153. Springer, 2007.