Abstract
XACML has emerged as a popular access control language on the Web, but because of its rich expressiveness, it has proved difficult to analyze in an automated fashion. In this paper, we present a formalization of XACML using description logics (DL), which are a decidable fragment of first-order logic. This formalization allows us to cover a more expressive subset of XACML than propositional logic-based analysis tools, and in addition we provide a new analysis service (policy redundancy). Also, mapping XACML to description logics allows us to use off-the-shelf DL reasoners for analysis tasks such as policy comparison, verification and querying. We provide an empirical evaluation of a policy analysis tool that was implemented on top of the open source DL reasoner Pellet.
Original language | English |
---|---|
Title of host publication | 16th International World Wide Web Conference, WWW2007 (Int. World Wide Web Conf.) |
Publisher | Association for Computing Machinery |
Pages | 677-686 |
Number of pages | 9 |
ISBN (Print) | 1595936548, 9781595936547 |
Publication status | Published - 2007 |
Event | 16th International World Wide Web Conference, WWW2007 - Banff, AB. Duration: 1 Jul 2007 → … http://dblp.uni-trier.de/db/conf/www/www2007.html#KolovskiHP07 http://dblp.uni-trier.de/rec/bibtex/conf/www/KolovskiHP07.xml http://dblp.uni-trier.de/rec/bibtex/conf/www/KolovskiHP07 |
Conference
Conference | 16th International World Wide Web Conference, WWW2007 |
---|---|
City | Banff, AB |
Period | 1/07/07 → … |
Keywords
- Access control
- Description logics
- Policy analysis
- XACML