Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies
XACML (eXtensible Access Control Markup Language) policies, which are widely adopted for defining and controlling dynamic access among Web/cloud services, are becoming more complex in order to handle the significant growth in communication and cooperation between individuals and composed services. H...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | , , |
| Format: | article |
| Published: |
2015
|
| Online Access: | http://hdl.handle.net/10725/2671 http://dx.doi.org/10.1016/j.compeleceng.2014.12.012 http://www.sciencedirect.com/science/article/pii/S0045790614003218 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1864513459047104512 |
|---|---|
| author | Jebbaoui, Hussein |
| author2 | Mourad, Azzam Otrok, Hadi Haraty, Ramzi |
| author2_role | author author author |
| author_facet | Jebbaoui, Hussein Mourad, Azzam Otrok, Hadi Haraty, Ramzi |
| author_role | author |
| dc.creator.none.fl_str_mv | Jebbaoui, Hussein Mourad, Azzam Otrok, Hadi Haraty, Ramzi |
| dc.date.none.fl_str_mv | 2015-11-24T10:30:16Z 2015-11-24T10:30:16Z 2015 2015-11-24 |
| dc.identifier.none.fl_str_mv | 0045-7906 http://hdl.handle.net/10725/2671 http://dx.doi.org/10.1016/j.compeleceng.2014.12.012 Jebbaoui, H., Mourad, A., Otrok, H., & Haraty, R. (2015). Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies. Computers & Electrical Engineering, 44, 91-103. http://www.sciencedirect.com/science/article/pii/S0045790614003218 |
| dc.language.none.fl_str_mv | en |
| dc.relation.none.fl_str_mv | Computers & Electrical Engineering |
| dc.rights.*.fl_str_mv | info:eu-repo/semantics/openAccess |
| dc.title.none.fl_str_mv | Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies |
| dc.type.none.fl_str_mv | Article info:eu-repo/semantics/publishedVersion info:eu-repo/semantics/article |
| description | XACML (eXtensible Access Control Markup Language) policies, which are widely adopted for defining and controlling dynamic access among Web/cloud services, are becoming more complex in order to handle the significant growth in communication and cooperation between individuals and composed services. However, the large size and complexity of these policies raise many concerns related to their correctness in terms of flaws, conflicts and redundancies presence. This paper addresses this problem through introducing a novel set and semantics based scheme that provides accurate and efficient analysis of XACML policies. First, our approach resolves the complexity of policies by elaborating an intermediate set-based representation to which the elements of XACML are automatically converted. Second, it allows to detect flaws, conflicts and redundancies between rules by offering new mechanisms to analyze the meaning of policy rules through semantics verification by inference rule structure and deductive logic. All the approach components and algorithms realizing the proposed analysis semantics have been implemented in one development framework. Experiments carried out on synthetic and real-life XACML policies explore the relevance of our analysis algorithms with acceptable overhead. Please visit http://www.azzammourad.org/#projects to download the framework. |
| eu_rights_str_mv | openAccess |
| format | article |
| id | LAURepo_a2cb5bdb578ea7e151c8bfe0be0d3512 |
| identifier_str_mv | 0045-7906 Jebbaoui, H., Mourad, A., Otrok, H., & Haraty, R. (2015). Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies. Computers & Electrical Engineering, 44, 91-103. |
| language_invalid_str_mv | en |
| network_acronym_str | LAURepo |
| network_name_str | Lebanese American University repository |
| oai_identifier_str | oai:laur.lau.edu.lb:10725/2671 |
| publishDate | 2015 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| spelling | Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policiesJebbaoui, HusseinMourad, AzzamOtrok, HadiHaraty, RamziXACML (eXtensible Access Control Markup Language) policies, which are widely adopted for defining and controlling dynamic access among Web/cloud services, are becoming more complex in order to handle the significant growth in communication and cooperation between individuals and composed services. However, the large size and complexity of these policies raise many concerns related to their correctness in terms of flaws, conflicts and redundancies presence. This paper addresses this problem through introducing a novel set and semantics based scheme that provides accurate and efficient analysis of XACML policies. First, our approach resolves the complexity of policies by elaborating an intermediate set-based representation to which the elements of XACML are automatically converted. Second, it allows to detect flaws, conflicts and redundancies between rules by offering new mechanisms to analyze the meaning of policy rules through semantics verification by inference rule structure and deductive logic. All the approach components and algorithms realizing the proposed analysis semantics have been implemented in one development framework. Experiments carried out on synthetic and real-life XACML policies explore the relevance of our analysis algorithms with acceptable overhead. Please visit http://www.azzammourad.org/#projects to download the framework.PublishedN/A2015-11-24T10:30:16Z2015-11-24T10:30:16Z20152015-11-24Articleinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/article0045-7906http://hdl.handle.net/10725/2671http://dx.doi.org/10.1016/j.compeleceng.2014.12.012Jebbaoui, H., Mourad, A., Otrok, H., & Haraty, R. (2015). Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies. Computers & Electrical Engineering, 44, 91-103.http://www.sciencedirect.com/science/article/pii/S0045790614003218enComputers & Electrical Engineeringinfo:eu-repo/semantics/openAccessoai:laur.lau.edu.lb:10725/26712021-04-06T13:07:14Z |
| spellingShingle | Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies Jebbaoui, Hussein |
| status_str | publishedVersion |
| title | Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies |
| title_full | Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies |
| title_fullStr | Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies |
| title_full_unstemmed | Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies |
| title_short | Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies |
| title_sort | Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies |
| url | http://hdl.handle.net/10725/2671 http://dx.doi.org/10.1016/j.compeleceng.2014.12.012 http://www.sciencedirect.com/science/article/pii/S0045790614003218 |