Representing and reasoning about web access control policies

Proceedings - International Computer Software and Applications Conference

Volumn , Issue , 2010, Pages 137-146

  Ahn, Gail Joon ^a   Hu, Hongxin ^a   Lee, Joohyung ^a   Meng, Yunsong ^a  

^a ARIZONA STATE UNIVERSITY   (United States)

Author keywords

Answer set programming; Role based access control; XACML

Indexed keywords

APPLICATION PROGRAMS; COMPUTATION THEORY; INFORMATION SERVICES; LOGIC PROGRAMMING; MARKUP LANGUAGES; SERVICE ORIENTED ARCHITECTURE (SOA); WEB SERVICES;

ACCESS CONTROL POLICIES; ANSWER SET PROGRAMMING; COMPUTING TECHNOLOGY; EMERGING TECHNOLOGIES; EXTENSIBLE ACCESS CONTROL MARKUP LANGUAGES; ROLE-BASED ACCESS CONTROL; TECHNOLOGICAL GROWTH; XACML;

ACCESS CONTROL;

EID: 78751691290     PISSN: 07303157     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COMPSAC.2010.20     Document Type: Conference Paper

References (29)

1. American National Standards Institute Inc. Role Based Access Control, ANSI-INCITS 359-2004, 2004.
2. G.-J. Ahn and H. Hu. Towards realizing a formal RBAC model in real systems. In Proceedings of the 12th ACM symposium on Access control models and technologies, page 224. ACM, 2007.
3. G.-J. Ahn and R. Sandhu. Role-based authorization constraints specification. ACM Transactions on Information and System Security (TISSEC), 3(4):207-226, 2000.
4. A. Anderson. Core and hierarchical role based access control (RBAC) profile of XACML v2. 0. OASIS Standard, 2005.
5. A. Birgisson, M. Dhawan, U. Erlingsson, V. Ganapathy, and L. Iftode. Enforcing authorization policies using transactional memory introspection. In Proceedings of the 15th ACM conference on Computer and communications security, pages 223-234. ACM New York, NY, USA, 2008.
6. J. Bryans. Reasoning about XACML policies using CSP. In Proceedings of the 2005 workshop on Secure web services, page 35. ACM, 2005.
7. J. Crampton. Specifying and enforcing constraints in role-based access control. In Proceedings of the Eighth ACM symposium on Access control models and Technologies, page 50. ACM, 2003.
8. D. F. Ferraiolo, R. S. Sandhu, S. I. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC), 4(3):224-274, 2001.
9. P. Ferraris, J. Lee, and V. Lifschitz. Stable models and circumscription. Artificial Intelligence, 2010. To appear.
10. K. Fisler, S. Krishnamurthi, L. Meyerovich, and M. Tschantz. Verification and change-impact analysis of access-control policies. In Proceedings of the 27th international conference on Software engineering, pages 196-205. ACM New York, NY, USA, 2005.
11. M. Gelfond and V. Lifschitz. The stable model semantics for logic programming. In R. Kowalski and K. Bowen, editors, Proceedings of International Logic Programming Conference and Symposium, pages 1070-1080. MIT Press, 1988.
12. H. Hu and G.-J. Ahn. Enabling verification and conformance testing for access control model. In Proceedings of the 13th ACM Symposium on Access control Models and Technologies, pages 195-204. ACM, 2008.
13. G. Hughes and T. Bultan. Automated verification of access control policies. Computer Science Department, University of California, Santa Barbara, CA, 93106:2004-22.
14. D. Jackson. Alloy: a lightweight object modelling notation. ACM Transactions on Software Engineering and Methodology (TOSEM), 11(2):256-290, 2002.
15. S. Jajodia, P. Samarati, V. S. Subrahmanian, and E. Bertino. A unified framework for enforcing multiple access control policies. pages 474-485, 1997.
16. V. Kolovski, J. Hendler, and B. Parsia. Analyzing web access control policies. In Proceedings of the 16th international conference on World Wide Web, page 686. ACM, 2007.
17. N. Li, M. Tripunitara, and Z. Bizri. On mutually exclusive roles and separation-of-duty. ACM Transactions on Information and System Security (TISSEC), 10(2):5, 2007.
18. V. Lifschitz. What is answer set programming? In Proceedings of the AAAI Conference on Artificial Intelligence, pages 1594-1597. MIT Press, 2008.
19. V. Lifschitz and A. Razborov. Why are there so many loop formulas? ACM Transactions on Computational Logic, 7:261-268, 2006.
20. V. Marek and M. Truszczyński. Stable models and an alternative logic programming paradigm. In The Logic Programming Paradigm: a 25-Year Perspective, pages 375-398. Springer Verlag, 1999.
21. R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. IEEE computer, 29(2):38-47, 1996.
22. R. Sandhu and Q. Munawer. How to do discretionary access control using roles. In Proceedings of the third ACM workshop on Role-based access control, pages 47-54. ACM New York, NY, USA, 1998.
23. R. S. Sandhu. Lattice-based access control models. IEEE Computer, 26(11):9-19, 1993.
24. R. S. Sandhu and P. Samarati. Access control: Principles and practice. IEEE Communications Magazine, 32(9):40-48, 1994.
25. A. Schaad and J. D. Moffett. A lightweight approach to specification and analysis of role-based access control extensions. In SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies, pages 13-22, New York, NY, USA, 2002. ACM.
26. K. Sohr, G.-J. Ahn, M. Gogolla, and L. Migge. Specification and validation of authorisation constraints using UML and OCL. Lecture notes in computer science, 3679:64, 2005.
27. K. Sohr, G.-J. Ahn, and L. Migge. Articulating and enforcing authorisation policies with UML and OCL. In Proceedings of the 2005 workshop on Software engineering for secure systems building trustworthy applications, pages 1-7, 2005.
28. M. C. Tschantz and S. Krishnamurthi. Towards reasonability properties for access-control policy languages. In SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies, pages 160-169, New York, NY, USA, 2006. ACM.
29. XACML. OASIS eXtensible Access Control Markup Language (XACML) V2.0 Specification Set. http://www.oasisopen.org/committees/xacml/, 2007.