Formal representation of conflict zones in XACML access control systems

Authors: Ahmed Zinedine, Mohamed Yahiaoui, Mostafa Harti
Year of publication: 2012
Subject:
Source: CIST
DOI: 10.1109/cist.2012.6388075
Description: In this work we propose a new approach for handling the problem of detection and resolution of conflicts/anomalies between XACML (eXtensible Access Control Markup Language) policies. We give more attention to the mathematical formalism of the problem. We introduce the notion of the canonical representation of the query space. This is a partition of the query space formed by authorization classes. Each authorization class groups queries that are intercepted by the same policies. This classification provides a natural way to handle interferences between policy targets (in other words, conflicts/anomalies). Then we bring the study of the problem from the whole query space to elements of its canonical representation. Afterwards, we study the impact of adding and deleting policies from the policy repository on the canonical representation. This is important when this canonical representation is integrated as a part of a framework for conflict detection and resolution in XACML access control systems.
Database: OpenAIRE