Analyzing web access control policies

Vladimir Kolovski, James Hendler, Bijan Parsia

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    XACML has emerged as a popular access control language on the Web, but because of its rich expressiveness, it has proved difficult to analyze in an automated fashion. In this paper, we present a formalization of XACML using description logics (DL), which are a decidable fragment of first-order logic. This formalization allows us to cover a more expressive subset of XACML than propositional logic-based analysis tools, and in addition we provide a new analysis service (policy redundancy). Also, mapping XACML to description logics allows us to use off-the-shelf DL reasoners for analysis tasks such as policy comparison, verification and querying. We provide an empirical evaluation of a policy analysis tool that was implemented on top of the open-source DL reasoner Pellet.
    Original language: English
    Title of host publication: 16th International World Wide Web Conference, WWW2007 | Int. World Wide Web Conf.
    Publisher: Association for Computing Machinery
    Pages: 677-686
    Number of pages: 9
    ISBN (Print): 1595936548, 9781595936547
    Publication status: Published - 2007
    Event: 16th International World Wide Web Conference, WWW2007 - Banff, AB
    Duration: 1 Jul 2007 → …
    http://dblp.uni-trier.de/db/conf/www/www2007.html#KolovskiHP07
    http://dblp.uni-trier.de/rec/bibtex/conf/www/KolovskiHP07.xml
    http://dblp.uni-trier.de/rec/bibtex/conf/www/KolovskiHP07

    Conference

    Conference: 16th International World Wide Web Conference, WWW2007
    City: Banff, AB
    Period: 1/07/07 → …
    Keywords

    • Access control
    • Description logics
    • Policy analysis
    • XACML
