Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies. (May 2015)
- Record Type:
- Journal Article
- Title:
- Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies. (May 2015)
- Main Title:
- Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies
- Authors:
- Jebbaoui, Hussein
Mourad, Azzam
Otrok, Hadi
Haraty, Ramzi
- Abstract:
- Graphical abstract: Highlights: We provide a policy analysis scheme to detect access contradictions among web services. We propose semantics-based policy analysis through deductive logic and inference rules. We present flaw, conflict and redundancy detection algorithms for XACML policy analysis. We show through experiments that SBA-XACML provides efficient detection mechanisms.
Abstract: XACML (eXtensible Access Control Markup Language) policies, which are widely adopted for defining and controlling dynamic access among Web/cloud services, are becoming more complex in order to handle the significant growth in communication and cooperation between individuals and composed services. However, the large size and complexity of these policies raise many concerns about their correctness in terms of the presence of flaws, conflicts and redundancies. This paper addresses this problem by introducing a novel set- and semantics-based scheme that provides accurate and efficient analysis of XACML policies. First, our approach resolves the complexity of policies by elaborating an intermediate set-based representation to which the elements of XACML are automatically converted. Second, it detects flaws, conflicts and redundancies between rules by offering new mechanisms to analyze the meaning of policy rules through semantics verification with an inference rule structure and deductive logic. All the approach components and algorithms realizing the proposed analysis semantics have been implemented in one development framework. Experiments carried out on synthetic and real-life XACML policies explore the relevance of our analysis algorithms with acceptable overhead. Please visit http://www.azzammourad.org/#projects to download the framework.
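The abstract describes two steps: converting XACML rule elements into an intermediate set-based representation, and then detecting conflicts and redundancies by reasoning over those sets. The following is an added illustration of that idea, not code from the paper or from the SBA-XACML framework. It parses a constructed XACML 3.0 policy (the rule identifiers, attribute names and values are invented for the example) into per-category value sets, then applies the example's own simplified definitions: two rules conflict when their effects differ and their targets share at least one request, and a later rule is redundant under first-applicable combining when an earlier rule's target covers it completely. The paper's formal flaw, conflict and redundancy definitions are richer than this.

```python
"""Set-based analysis of XACML 3.0 rule targets: convert each Rule Target to
per-category value sets, then detect conflicts and redundancies with set
operations. Illustrative code with its own simplified definitions; it is not
the SBA-XACML framework from the paper."""
import itertools
import xml.etree.ElementTree as ET
from typing import Dict, FrozenSet, List, NamedTuple, Optional, Tuple

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML}
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
CATEGORIES = (SUBJECT, RESOURCE, ACTION)

# One value set per category; None means the rule does not constrain it.
ValueSet = Optional[FrozenSet[str]]


class Rule(NamedTuple):
    rule_id: str
    effect: str
    sets: Dict[str, ValueSet]


def _any_of(category: str, attr: str, values: Tuple[str, ...]) -> str:
    """One <AnyOf> holding a disjunction of single-Match <AllOf> elements over
    `values` of one category, the shape that maps directly to a set."""
    allofs = "".join(
        f'<AllOf><Match MatchId="{STRING_EQUAL}">'
        f'<AttributeValue DataType="{XS_STRING}">{v}</AttributeValue>'
        f'<AttributeDesignator Category="{category}" AttributeId="{attr}" '
        f'DataType="{XS_STRING}" MustBePresent="false"/></Match></AllOf>'
        for v in values)
    return f"<AnyOf>{allofs}</AnyOf>"


def _rule(rule_id, effect, subjects=(), resources=(), actions=()):
    parts = []
    if subjects:
        parts.append(_any_of(SUBJECT, "role", subjects))
    if resources:
        parts.append(_any_of(RESOURCE, "resource-id", resources))
    if actions:
        parts.append(_any_of(ACTION, "action-id", actions))
    return (f'<Rule RuleId="{rule_id}" Effect="{effect}"><Target>'
            + "".join(parts) + "</Target></Rule>")


# Constructed sample policy (invented for this example, not from the paper).
POLICY_XML = (
    f'<Policy xmlns="{XACML}" PolicyId="demo" Version="1.0" RuleCombiningAlgId='
    f'"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:first-applicable">'
    "<Target/>"
    + _rule("r1", "Permit", ("doctor", "nurse"), ("record",), ("read",))
    + _rule("r2", "Deny", ("nurse",), ("record",), ("read", "write"))
    + _rule("r3", "Permit", ("doctor",), ("record",), ("read",))
    + _rule("r4", "Deny", ("nurse",), ("record",))  # any action
    + "</Policy>")


def to_sets(policy_xml: str) -> List[Rule]:
    """Convert each <Rule> Target into per-category value sets. Every <AnyOf>
    must contain single-Match <AllOf> elements of one category."""
    root = ET.fromstring(policy_xml)
    rules = []
    for r in root.findall("x:Rule", NS):
        sets: Dict[str, ValueSet] = {c: None for c in CATEGORIES}
        for any_of in r.findall("x:Target/x:AnyOf", NS):
            cats, values = set(), set()
            for all_of in any_of.findall("x:AllOf", NS):
                matches = all_of.findall("x:Match", NS)
                if len(matches) != 1:
                    raise ValueError("only single-Match AllOf is supported")
                m = matches[0]
                cats.add(m.find("x:AttributeDesignator", NS).get("Category"))
                values.add(m.find("x:AttributeValue", NS).text)
            if len(cats) != 1:
                raise ValueError("AnyOf mixes categories")
            sets[cats.pop()] = frozenset(values)
        rules.append(Rule(r.get("RuleId"), r.get("Effect"), sets))
    return rules


def _overlaps(a: ValueSet, b: ValueSet) -> bool:
    return a is None or b is None or bool(a & b)


def _subset(a: ValueSet, b: ValueSet) -> bool:
    return b is None or (a is not None and a <= b)


def find_conflicts(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Rule pairs with different effects whose targets share a request."""
    return [(a.rule_id, b.rule_id)
            for a, b in itertools.combinations(rules, 2)
            if a.effect != b.effect
            and all(_overlaps(a.sets[c], b.sets[c]) for c in CATEGORIES)]


def find_redundancies(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Under first-applicable, a rule fully covered by an earlier rule's
    target never becomes the applicable rule: returns (covered, covering)."""
    out = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if all(_subset(later.sets[c], earlier.sets[c]) for c in CATEGORIES):
                out.append((later.rule_id, earlier.rule_id))
                break
    return out


if __name__ == "__main__":
    rs = to_sets(POLICY_XML)
    print("conflicts:", find_conflicts(rs))
    print("redundant:", find_redundancies(rs))
```

On the sample policy, r1 (Permit doctor/nurse read record) conflicts with r2 (Deny nurse read/write record) and with r4 (Deny nurse on record for any action), since a nurse reading a record matches both members of each pair with opposite effects; r3 is flagged redundant because r1 already covers every request it targets. A Deny rule covered by an earlier Permit rule would be reported by the same subset check, which in that case indicates an unreachable rule rather than a harmless duplicate.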
- Is Part Of:
- Computers & electrical engineering. Volume 44(2015)
- Journal:
- Computers & electrical engineering
- Issue:
- Volume 44(2015)
- Issue Display:
- Volume 44, Issue 2015 (2015)
- Year:
- 2015
- Volume:
- 44
- Issue:
- 2015
- Issue Sort Value:
- 2015-0044-2015-0000
- Page Start:
- 91
- Page End:
- 103
- Publication Date:
- 2015-05
- Subjects:
- Web services security -- Access control -- Policy analysis -- Set theory -- Semantics -- XACML
Computer engineering -- Periodicals
Electrical engineering -- Periodicals
Electrical engineering -- Data processing -- Periodicals
Ordinateurs -- Conception et construction -- Périodiques
Électrotechnique -- Périodiques
Électrotechnique -- Informatique -- Périodiques
Computer engineering
Electrical engineering
Electrical engineering -- Data processing
Periodicals
Electronic journals
621.302854
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00457906/
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.compeleceng.2014.12.012
- Languages:
- English
- ISSNs:
- 0045-7906
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.680000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 6588.xml