Policy Composition

Author(s):  
Sabrina De Capitani di Vimercati
Keyword(s):  

2012 ◽  
Vol 3 (4) ◽  
pp. 1-26
Author(s):  
Ousmane Amadou Dia ◽  
Csilla Farkas

In collaborative environments where resources must be shared across multiple sites, the access control policies of the participants must be combined to define a coherent policy. The central challenge in composing access policies is dealing with inconsistencies, or modality conflicts, where one policy permits what another denies. The difficulty is exacerbated when the policies to compose are specified independently by different entities, with no global authority to decide which entity takes precedence in case of conflict. This paper presents a semi-automated framework, the Policy Composition and Conflict Resolution framework (P2CR), to address this issue. The authors focus on access control policies expressed as XACML statements and propose a three-level conflict resolution strategy: i) using metadata added to the policies, ii) using a defeasible logic theory, and iii) providing recommendations to the owners of the resources. First, they provide a mechanism to add metadata to XACML. Second, they combine the access policies without prioritizing any of the entities involved in the composition; given the context of their work, they consider this approach more suitable than current approaches, which are mainly negotiation-oriented or assign priorities to the policies. Finally, the resulting composite policy is flexible and easily adjustable to runtime conflicts.


2015 ◽  
Vol 25 (09n10) ◽  
pp. 1551-1571
Author(s):  
Dianxiang Xu ◽  
Ning Shen ◽  
Yunpeng Zhang

With the increasing complexity of software, new access control methods have emerged to deal with attribute-based authorization. As a standard language for specifying attribute-based access control policies, XACML offers a number of rule and policy combining algorithms to meet different needs of policy composition. Due to their variety and complexity, however, it is not uncommon to apply combining algorithms incorrectly, which can lead to unauthorized access or denial of service. To address this problem, this paper presents a fault-based testing approach for revealing incorrect combining algorithms in XACML 3.0 policies. The theoretical foundation of the approach is a formalization of the semantic differences between rule combining algorithms and between policy combining algorithms. This formalization allows a constraint solver to generate queries to which a given policy produces different responses than its combining-algorithm mutants (copies of the policy with a different combining algorithm substituted). Such queries determine whether or not the given combining algorithm is used correctly. The authors' empirical studies on various XACML policies demonstrate that the approach is effective.
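The following is an added example, not code from either paper, showing what the "semantic difference between combining algorithms" amounts to in practice and how a query that separates a policy from its combining-algorithm mutant is found. It implements the five XACML 3.0 rule combining algorithms over a constructed, hypothetical medical-records policy (the rule names, attributes and domains are assumptions) and, instead of the constraint solver the paper uses, simply enumerates every request over small finite attribute domains. Rules here return only Permit, Deny or NotApplicable; XACML's Indeterminate decision and the extended algorithm variants are omitted for brevity. The doctor/delete request it isolates is also the kind of modality conflict (one rule permits, another denies) that the P2CR abstract above is concerned with.

```python
# Added example (not the paper's tool): XACML 3.0-style rule combining
# algorithms and a brute-force search for requests that separate a policy
# from its combining-algorithm mutants. The paper uses a constraint solver
# for this step; here the attribute domains are small enough to enumerate.
# Simplification: rules yield Permit, Deny or NotApplicable only (the
# Indeterminate decision and the extended algorithm variants are omitted).
from itertools import product

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


class Rule:
    """A rule is an effect plus a target predicate over the request."""

    def __init__(self, name, effect, target):
        self.name, self.effect, self.target = name, effect, target

    def evaluate(self, request):
        return self.effect if self.target(request) else NOT_APPLICABLE


# The five XACML 3.0 rule combining algorithms, applied to the rules'
# decisions taken in policy order.
def deny_overrides(decisions):
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE


def permit_overrides(decisions):
    if PERMIT in decisions:
        return PERMIT
    return DENY if DENY in decisions else NOT_APPLICABLE


def first_applicable(decisions):
    return next((d for d in decisions if d != NOT_APPLICABLE), NOT_APPLICABLE)


def deny_unless_permit(decisions):
    return PERMIT if PERMIT in decisions else DENY


def permit_unless_deny(decisions):
    return DENY if DENY in decisions else PERMIT


COMBINING_ALGORITHMS = {
    "deny-overrides": deny_overrides,
    "permit-overrides": permit_overrides,
    "first-applicable": first_applicable,
    "deny-unless-permit": deny_unless_permit,
    "permit-unless-deny": permit_unless_deny,
}


def evaluate_policy(rules, algorithm, request):
    decisions = [rule.evaluate(request) for rule in rules]
    return COMBINING_ALGORITHMS[algorithm](decisions)


def all_requests(domains):
    """Every request over finite attribute domains (constructed inputs)."""
    names = list(domains)
    for values in product(*(domains[name] for name in names)):
        yield dict(zip(names, values))


def distinguishing_requests(rules, original, mutant, domains):
    """Requests on which the policy under `original` and under `mutant`
    disagree. Each one is a test case that reveals the wrong algorithm;
    an empty list means the mutant is equivalent for this policy."""
    return [req for req in all_requests(domains)
            if evaluate_policy(rules, original, req)
            != evaluate_policy(rules, mutant, req)]


def kill_matrix(rules, original, domains):
    """For each alternative algorithm, the requests that expose it."""
    return {alg: distinguishing_requests(rules, original, alg, domains)
            for alg in COMBINING_ALGORITHMS if alg != original}


# Constructed sample policy (hypothetical medical-records rules).
MEDICAL_RULES = [
    Rule("doctors-any-action", PERMIT, lambda q: q["role"] == "doctor"),
    Rule("no-deletes", DENY, lambda q: q["action"] == "delete"),
    Rule("nurses-read", PERMIT,
         lambda q: q["role"] == "nurse" and q["action"] == "read"),
]
DOMAINS = {"role": ["doctor", "nurse", "patient"],
           "action": ["read", "write", "delete"]}

if __name__ == "__main__":
    for mutant, reqs in kill_matrix(MEDICAL_RULES, "deny-overrides", DOMAINS).items():
        print(f"{mutant:20s} exposed by {len(reqs)} request(s): {reqs}")
```

Run against this policy with deny-overrides as the intended algorithm, the search shows why one query is often enough: permit-overrides and first-applicable are each exposed by the single request {role: doctor, action: delete}, where the two Permit/Deny rules collide; deny-unless-permit is exposed by that request plus the three requests no rule covers (it turns NotApplicable into Deny), and permit-unless-deny by those three alone. Taking permit-overrides as the intended algorithm instead, first-applicable is an equivalent mutant for this policy: no request over these domains separates them, so a test suite cannot reveal that substitution, which is exactly the case the paper's formalization has to account for.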


Author(s):  
Pedro Goncalves ◽  
Carlos Figueira ◽  
Ricardo Azevedo ◽  
Rui Aguiar ◽  
Jose Luis Oliveira
