Analyzing XACML policies using answer set programming

Authors: Mohsen Rezvani, David Rajaratnam, Aleksandar Ignjatovic, Maurice Pagnucco, Sanjay Jha

DOI: 10.1007/S10207-018-0421-5

Keywords: Answer set programming, Access control, Web application, Markup language, Solver, Computer science, Leverage (statistics), Software engineering, XACML, Policy analysis

Abstract: With the tremendous growth of Web applications and services, the eXtensible Access Control Markup Language (XACML) has been broadly adopted to specify access control policies. However, when policies are large or defined by multiple authorities, it has proved difficult to analyze errors and vulnerabilities in a manual fashion. Recent advances in the answer set programming (ASP) paradigm have provided a powerful problem-solving formalism that is capable of dealing with policy verification. In this paper, we employ ASP to verify various properties of XACML policies. To this end, we first propose a structured mechanism to translate XACML policies into an ASP program. Then, we leverage features of off-the-shelf ASP solvers to verify a wide range of policy properties, including redundancy, conflicts, refinement, completeness, reachability, and usefulness. We present an empirical evaluation of the effectiveness and efficiency of our analysis tool, implemented on top of the Clingo solver. The results show that our approach is computationally more efficient compared to existing approaches.
