Title :
Formal representation of conflict zones in XACML access control systems
Author :
Yahiaoui, Mohamed ; Zinedine, Ahmed ; Harti, M.
Author_Institution :
Fac. of Sci. Dhar El Mahrez, Sidi Mohamed Ben Abdellah Univ., Fez, Morocco
Abstract :
In this work we propose a new approach for handling the problem of detection and resolution of conflicts/anomalies between XACML (eXtensible Access Control Markup Language) policies. We give more attention to the mathematical formalism of the problem. We introduce the notion of the canonical representation of the query space. This is a partition of the query space formed by authorization classes. Each authorization class groups queries that are intercepted by the same policies. This classification provides a natural way to handle interferences between policy targets (in other words, conflicts/anomalies). Then we bring the study of the problem from the whole query space to elements of its canonical representation. Afterwards, we study the impact of adding and deleting policies from the policy repository on the canonical representation. This is important when this canonical representation is integrated as a part of a framework for conflict detection and resolution in XACML access control systems.
Keywords :
XML; authorisation; formal verification; query processing; XACML access control systems; anomaly detection; anomaly resolution; authorization class; canonical query space representation; conflict detection; conflict resolution; conflict zones; extensible access control markup language; formal representation; policy addition impact; policy deletion impact; policy repository; policy targets; query regrouping; Access control; Boolean functions; Data structures; Anomaly detection and Resolution; FIA algebra; XACML; access control; anomaly; canonical representation; conflict; policy;
Conference_Title :
Information Science and Technology (CIST), 2012 Colloquium in
Conference_Location :
Fez
Print_ISBN :
978-1-4673-2726-8
Electronic_ISBN :
978-1-4673-2724-4
DOI :
10.1109/CIST.2012.6388075