Formalisation and implementation of the XACML access control mechanism

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7159 LNCS, Issue , 2012, Pages 60-74

  Masi, Massimiliano ^a,b   Pugliese, Rosario ^b   Tiezzi, Francesco ^c  

^a Tiani Spirit GmbH   (Austria)

^b UNIVERSITY OF FLORENCE   (Italy)

^c IMT SCHOOL FOR ADVANCED STUDIES LUCCA   (Italy)

Author keywords

CASE tools; formal semantics; PBAC; XACML

Indexed keywords

ACCESS CONTROL MECHANISM; ACCESS CONTROL POLICIES; FORMAL DEVELOPMENT; FORMAL SEMANTICS; FORMALISATION; PBAC; POLICY BASED ACCESS CONTROL; SOFTWARE ENGINEERS; SOFTWARE TOOL; XACML;

COMPUTER AIDED SOFTWARE ENGINEERING; SEMANTICS; SPECIFICATIONS;

ACCESS CONTROL;

EID: 84857328430     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-28166-2_7     Document Type: Conference Paper

References (35)

1. Ferraiolo, D., Kuhn, R.: Role-based access control. In: NIST-NCSC National Computer Security Conference, pp. 554-563 (1992)
2. NIST: A survey of access control models (2009), http://csrc.nist.gov/ news-events/privilege-management-workshop/PvM-Model-Survey-Aug26-2009.pdf
3. OASIS XACML TC: eXtensible Access Control Markup Language (XACML) version 2.0 (2005), http://docs.oasis-open.org/xacml/2.0/XACML-2.0-OSNORMATIVE.zip
4. The epSOS project: A european ehealth project, http://www.epsos.eu
5. The Nationwide Health Information Network (NHIN): an American eHealth Project (2009), http://healthit.hhs.gov/portal/server.pt
6. OASIS: Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare v1.0 (2009), http://www.oasis-open.org
7. OASIS Security Services TC: Assertions and protocols for the OASIS security assertion markup language (SAML) v2.02 (2005), http://docs.oasis-open. org/security/saml/v2.0/saml-core-2.0-os.pdf
8. Namli, T., Dogac, A.: Implementation Experiences On IHE XUA and BPPC. Technical report, Software Research and Development Center, Middle East Technical University Ankara (December 2006)
9. Universidad de Murcia: UMU-XACML-Editor (2008), http://sourceforge.net/ projects/umu-xacmleditor/
10. Bradner, S.: Key words for use in rfcs to indicate requirement levels (1997)
11. Kolovski, V., Hendler, J.A., Parsia, B.: Analyzing web access control policies. In: WWW, pp. 677-686. ACM (2007)
12. Bryans, J.: Reasoning about XACML policies using CSP. In: SWS, pp. 28-35. ACM (2005)
13. Hoare, C.: Commmunicating Sequential Processes. Prentice-Hall (1985)
14. Bryans, J., Fitzgerald, J.S.: Formal Engineering of XACML Access Control Policies in VDM++. In: Butler, M., Hinchey, M.G., Larrondo-Petrie, M.M. (eds.) ICFEM 2007. LNCS, vol. 4789, pp. 37-56. Springer, Heidelberg (2007)
15. Fitzgerald, J., Larsen, P., Mukherjee, P., Plat, N., Verhoef, M.: Validated Designs for Object-oriented Systems. Springer, Heidelberg (2005)
16. Zhang, N., Ryan, M., Guelev, D.P.: Evaluating Access Control Policies through Model Checking. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 446-460. Springer, Heidelberg (2005)
17. Zhang, N., Ryan, M., Guelev, D.P.: Synthesising verified access control systems in XACML. In: FMSE, pp. 56-65. ACM (2004)
18. Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: ICSE, pp. 196-205. ACM (2005)
19. Tschantz, M.C., Krishnamurthi, S.: Towards reasonability properties for access-control policy languages. In: SACMAT, pp. 160-169. ACM (2006)
20. OASIS XACML TC: Available XACML Implementations (2011), http://www.oasis-open.org/committees/tc-home.php?wg-abbrev=xacml#other (last visited September 21, 2011)
21. Proctor, S.: SUN XACML (2011), http://sunxacml.sf.net (last visited September 21, 2011)
22. AF, http://www.herasaf.org
23. Liu, A.X., Chen, F., Hwang, J., Xie, T.: Xengine: a fast and scalable XACML policy evaluation engine. In: SIGMETRICS, pp. 265-276. ACM (2008)
24. ISSRG: The Modular PERMIS Project, http://sec.cs.kent.ac.uk/permis/
25. Foster, I.T.: Globus toolkit version 4: Software for service-oriented systems. J. Comput. Sci. Technol. 21(4), 513-520 (2006)
26. Barton, T., et al.: Identity federation and attribute-based authorization through the globus toolkit, shibboleth, gridshib, and myproxy. Technical report, National Center for Supercomputing Applications, University of Illinois (2006)
27. Chadwick, D.W., Zhao, G., Otenko, S., Laborde, R., Su, L., Nguyen, T.A.: Permis: a modular authorization infrastructure. Concurrency and Computation: Practice and Experience 20(11), 1341-1357 (2008)
28. Masi, M., Pugliese, R., Tiezzi, F.: Formalisation and Implementation of the XACML Access Control Mechanism (full version). Technical report, Dipartimento di Sistemi e Informatica, Univ. Firenze (2011), http://rap.dsi.unifi.it/xacml-tools
29. Clark, J., DeRose, S.: XML Path Language (XPath) version 1.0 (1999), http://www.w3.org/TR/xpath
30. The IHE Initiative: IT Infrastructure Technical Framework (2009), http://www.ihe.net
31. Health Level Seven organization: Hl7 standards (2009), http://www.hl7.org
32. The Regenstrief Institute: Logical observation identifiers names and codes (LOINC), http://www.loinc.org
33. IEEE Computer Society: IEEE Standard for Binary Floating-Point Arithmetic IEEE Product No. SH10116-TBR (1985)
34. Parr, T.J., Quong, R.W.: ANTLR: A Predicated-LL(k) Parser Generator. Software Practice and Experience 25, 789-810 (1994)
35. Saltzer, J.H.: Protection and the Control of Information Sharing in Multics. Commun. ACM 17, 388-402 (1974)