Analyzing web access control policies

Authors: Vladimir Kolovski, James Hendler, Bijan Parsia

DOI: 10.1145/1242572.1242664

Abstract: XACML has emerged as a popular access control language on the Web, but because of its rich expressiveness, it proved difficult to analyze in an automated fashion. In this paper, we present a formalization using description logics (DL), which are a decidable fragment of First-Order logic. This allows us to cover a more expressive subset than propositional logic-based analysis tools, and in addition to provide a new service (policy redundancy). Also, the mapping allows the use of off-the-shelf DL reasoners for tasks such as policy comparison, verification and querying. We provide an empirical evaluation of a tool that was implemented on top of the open source reasoner Pellet.

References (14)
Bijan Parsia, Evren Sirin, Pellet: An OWL DL Reasoner. international workshop description logics. (2004)
Jeffrey Schlimmer, John Shewchuk, David Orchard, Siddharth Bajaj, Daniel Roth, Web Services Policy Framework (WS-Policy). (2002)
Vladimir Kolovski, Bijan Parsia, James A. Hendler, Formalizing XACML Using Defeasible Description Logics. (2007)
Dimitar P. Guelev, Mark Ryan, Pierre Yves Schobbens, Model-Checking Access Control Policies. international conference on information security. pp. 219-230 (2004), 10.1007/978-3-540-30144-8_19
Chen Zhao, Nuermaimaiti Heilili, Shengping Liu, Zuoquan Lin, Representation and Reasoning on RBAC: A Description Logic Approach. Theoretical Aspects of Computing – ICTAC 2005. pp. 381-393 (2005), 10.1007/11560647_25
Kewen Wang, David Billington, Jeff Blee, Grigoris Antoniou, Combining Description Logic and Defeasible Logic for the semantic Web. rules and rule markup languages for the semantic web. pp. 170-181 (2004), 10.1007/978-3-540-30504-0_13
Fabio Massacci, Reasoning About Security: A Logic and a Decision Method for Role-Based Access Control. conference on automated deduction. pp. 421-435 (1997), 10.1007/BFB0035639
Peter F. Patel-Schneider, Bijan Parsia, Ian Horrocks, Ulrike Sattler, Bernardo Cuenca Grau, Next Steps for OWL. owl: experiences and directions. (2006)
Nan Zhang, Mark Ryan, Dimitar P. Guelev, Evaluating access control policies through model checking. international conference on information security. vol. 3650, pp. 446-460 (2005), 10.1007/11556992_32