Model-Driven Specification and Design-Level Analysis of XACML Policies
Throughout the recent years, Web services security has been the target of many researchers. Particularly, by integrating policies and rules to govern the Web services behaviors at runtime, researchers have been able to prove the capability of policy languages in enforcing Web services security. XACM...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| مؤلفون آخرون: | , , , |
| التنسيق: | conferenceObject |
| منشور في: |
2020
|
| الموضوعات: | |
| الوصول للمادة أونلاين: | http://hdl.handle.net/10725/12115 https://doi.org/10.13140/RG.2.1.2573.6167 http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.php https://www.researchgate.net/publication/281748889_Model-Driven_Specification_and_Design-Level_Analysis_of_XACML_Policies |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| _version_ | 1864513489700126720 |
|---|---|
| author | Tout, Hanine |
| author2 | Mourad, Azzam Talhi, Chamseddine Otrok, Hadi Yahyaoui, Hamdi |
| author2_role | author author author author |
| author_facet | Tout, Hanine Mourad, Azzam Talhi, Chamseddine Otrok, Hadi Yahyaoui, Hamdi |
| author_role | author |
| dc.creator.none.fl_str_mv | Tout, Hanine Mourad, Azzam Talhi, Chamseddine Otrok, Hadi Yahyaoui, Hamdi |
| dc.date.none.fl_str_mv | 2020-09-08T11:09:16Z 2020-09-08T11:09:16Z 2020-09-08 |
| dc.identifier.none.fl_str_mv | 9789383701353 http://hdl.handle.net/10725/12115 https://doi.org/10.13140/RG.2.1.2573.6167 Tout, H., Mourad, A., & Talhi, C. (2015). Model-driven specification and design-level analysis of XACML policies. In Second International Conference on Next Generation Computing and Communication Technologies (ICNGCCT 2015). http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.php https://www.researchgate.net/publication/281748889_Model-Driven_Specification_and_Design-Level_Analysis_of_XACML_Policies |
| dc.language.none.fl_str_mv | en |
| dc.rights.*.fl_str_mv | info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Telecommunication systems -- Congresses |
| dc.title.none.fl_str_mv | Model-Driven Specification and Design-Level Analysis of XACML Policies |
| dc.type.none.fl_str_mv | Conference Paper / Proceeding info:eu-repo/semantics/publishedVersion info:eu-repo/semantics/conferenceObject |
| description | Throughout the recent years, Web services security has been the target of many researchers. Particularly, by integrating policies and rules to govern the Web services behaviors at runtime, researchers have been able to prove the capability of policy languages in enforcing Web services security. XACML or eXtensible Access Control Markup Language is one of the most widely adopted security standards for controlling access to individual and between composed services based on policies specifications. However, like any other policy language, XACML policies are specified in structural files with complex syntax, which makes the policies specification process both, time consuming and error prone. Moreover, security policies are commonly verified in an afterthought stage after their enforcement, yet with diversity of rules and conditions specified in the policies, hidden conflicts, redundancies and access flaws are more likely to arise, which expose the system to serious vulnerabilities at execution time. To address these problems, we propose in this paper a novel approach that allows high-level specification of XACML security policies and provides design-level analysis to detect problems and vulnerabilities in the policies semantics, a priori to their integration and execution in the system. |
| eu_rights_str_mv | openAccess |
| format | conferenceObject |
| id | LAURepo_37ac724e0f7811ea12a8bef190abcabb |
| identifier_str_mv | 9789383701353 Tout, H., Mourad, A., & Talhi, C. (2015). Model-driven specification and design-level analysis of XACML policies. In Second International Conference on Next Generation Computing and Communication Technologies (ICNGCCT 2015). |
| language_invalid_str_mv | en |
| network_acronym_str | LAURepo |
| network_name_str | Lebanese American University repository |
| oai_identifier_str | oai:laur.lau.edu.lb:10725/12115 |
| publishDate | 2020 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| spelling | Model-Driven Specification and Design-Level Analysis of XACML PoliciesTout, HanineMourad, AzzamTalhi, ChamseddineOtrok, HadiYahyaoui, HamdiTelecommunication systems -- CongressesThroughout the recent years, Web services security has been the target of many researchers. Particularly, by integrating policies and rules to govern the Web services behaviors at runtime, researchers have been able to prove the capability of policy languages in enforcing Web services security. XACML or eXtensible Access Control Markup Language is one of the most widely adopted security standards for controlling access to individual and between composed services based on policies specifications. However, like any other policy language, XACML policies are specified in structural files with complex syntax, which makes the policies specification process both, time consuming and error prone. Moreover, security policies are commonly verified in an afterthought stage after their enforcement, yet with diversity of rules and conditions specified in the policies, hidden conflicts, redundancies and access flaws are more likely to arise, which expose the system to serious vulnerabilities at execution time. To address these problems, we propose in this paper a novel approach that allows high-level specification of XACML security policies and provides design-level analysis to detect problems and vulnerabilities in the policies semantics, a priori to their integration and execution in the system.N/A2020-09-08T11:09:16Z2020-09-08T11:09:16Z2020-09-08Conference Paper / Proceedinginfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/conferenceObject9789383701353http://hdl.handle.net/10725/12115https://doi.org/10.13140/RG.2.1.2573.6167Tout, H., Mourad, A., & Talhi, C. (2015). Model-driven specification and design-level analysis of XACML policies. In Second International Conference on Next Generation Computing and Communication Technologies (ICNGCCT 2015).http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.phphttps://www.researchgate.net/publication/281748889_Model-Driven_Specification_and_Design-Level_Analysis_of_XACML_Policieseninfo:eu-repo/semantics/openAccessoai:laur.lau.edu.lb:10725/121152021-03-19T10:47:40Z |
| spellingShingle | Model-Driven Specification and Design-Level Analysis of XACML Policies Tout, Hanine Telecommunication systems -- Congresses |
| status_str | publishedVersion |
| title | Model-Driven Specification and Design-Level Analysis of XACML Policies |
| title_full | Model-Driven Specification and Design-Level Analysis of XACML Policies |
| title_fullStr | Model-Driven Specification and Design-Level Analysis of XACML Policies |
| title_full_unstemmed | Model-Driven Specification and Design-Level Analysis of XACML Policies |
| title_short | Model-Driven Specification and Design-Level Analysis of XACML Policies |
| title_sort | Model-Driven Specification and Design-Level Analysis of XACML Policies |
| topic | Telecommunication systems -- Congresses |
| url | http://hdl.handle.net/10725/12115 https://doi.org/10.13140/RG.2.1.2573.6167 http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.php https://www.researchgate.net/publication/281748889_Model-Driven_Specification_and_Design-Level_Analysis_of_XACML_Policies |