scholarly journals An Effective Naming Heterogeneity Resolution for XACML Policy Evaluation in a Distributed Environment

Symmetry ◽  
2021 ◽  
Vol 13 (12) ◽  
pp. 2394
Author(s):  
Teo Poh Kuang ◽  
Hamidah Ibrahim ◽  
Fatimah Sidi ◽  
Nur Izura Udzir ◽  
Ali A. Alwan

Policy evaluation is a process to determine whether a request submitted by a user satisfies the access control policies defined by an organization. Naming heterogeneity between the attribute values of a request and a policy is common due to syntactic variations and terminological variations, particularly among organizations of a distributed environment. Existing policy evaluation engines employ a simple string equal matching function in evaluating the similarity between the attribute values of a request and a policy, which are inaccurate, since only exact match is considered similar. This work proposes several matching functions which are not limited to the string equal matching function that aim to resolve various types of naming heterogeneity. Our proposed solution is also capable of supporting symmetrical architecture applications, in which the organization can negotiate with the users for the release of their resources and properties that raise privacy concerns. The effectiveness of the proposed matching functions on real XACML policies, designed for universities, conference management, and the health care domain, is evaluated. The results show that the proposed solution has successfully achieved higher percentages of Recall and F-measure compared with the standard Sun’s XACML implementation, with our improvement, these measures gained up to 70% and 57%, respectively.

2008 ◽  
Vol 10 (4) ◽  
pp. 1-37 ◽  
Author(s):  
Luc Bouganim ◽  
Francois Dang Ngoc ◽  
Philippe Pucheral

2002 ◽  
Vol 5 (1) ◽  
pp. 1-35 ◽  
Author(s):  
Piero Bonatti ◽  
Sabrina De Capitani di Vimercati ◽  
Pierangela Samarati

Author(s):  
Thanh-Nhan Luong ◽  
Hanh-Phuc Nguyen ◽  
Ninh-Thuan Truong

The software security issue is being paid great attention from the software development community as security violations have emerged variously. Developers often use access control techniques to restrict some security breaches to software systems’ resources. The addition of authorization constraints to the role-based access control model increases the ability to express access rules in real-world problems. However, the complexity of combining components, libraries and programming languages during the implementation stage of web systems’ access control policies may arise potential flaws that make applications’ access control policies inconsistent with their specifications. In this paper, we introduce an approach to review the implementation of these models in web applications written by Java EE according to the MVC architecture under the support of the Spring Security framework. The approach can help developers in detecting flaws in the assignment implementation process of the models. First, the approach focuses on extracting the information about users and roles from the database of the web application. We then analyze policy configuration files to establish the access analysis tree of the application. Next, algorithms are introduced to validate the correctness of the implemented user-role and role-permission assignments in the application system. Lastly, we developed a tool called VeRA, to automatically support the verification process. The tool is also experimented with a number of access violation scenarios in the medical record management system.


Sign in / Sign up

Export Citation Format

Share Document