A Conflict Detection Approach for XACML Policies on Hierarchical Resources

IEEE/ACM International Conference on Green Computing and Communications Pub Date : 2012-11-20 DOI:10.1109/GreenCom.2012.124

Xiaofeng Xia

{"title":"A Conflict Detection Approach for XACML Policies on Hierarchical Resources","authors":"Xiaofeng Xia","doi":"10.1109/GreenCom.2012.124","DOIUrl":null,"url":null,"abstract":"Organizational collaborations consider specifying the access control policies of the resources in collaborations by XACML(eXtensible Access Control Markup Language). This gives rise to two problems, one is that the XACML policies used in collaborations will possibly have conflicts with the original policies of the organization, the other problem is that many organizations have a large number of resources, while these resources are organized into hierarchical structure. These two problems make it a challenge to detect the conflicts on a large number of resources. In this paper we will present an assumed pattern of organizational collaboration on which our conflict detection approach is based. We will propose a model checking based approach to detect the conflicts between original XACML policies of an organization and target XACML policies of an organizational collaboration. We handle two sorts of conflicts in XACML policies, i.e. authorization conflict of roles and conditional conflicts on resources. Our detection approach and the performance test results will be presented in this paper.","PeriodicalId":321031,"journal":{"name":"IEEE/ACM International Conference on Green Computing and Communications","volume":"93 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE/ACM International Conference on Green Computing and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/GreenCom.2012.124","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Organizational collaborations consider specifying the access control policies of the resources in collaborations by XACML(eXtensible Access Control Markup Language). This gives rise to two problems, one is that the XACML policies used in collaborations will possibly have conflicts with the original policies of the organization, the other problem is that many organizations have a large number of resources, while these resources are organized into hierarchical structure. These two problems make it a challenge to detect the conflicts on a large number of resources. In this paper we will present an assumed pattern of organizational collaboration on which our conflict detection approach is based. We will propose a model checking based approach to detect the conflicts between original XACML policies of an organization and target XACML policies of an organizational collaboration. We handle two sorts of conflicts in XACML policies, i.e. authorization conflict of roles and conditional conflicts on resources. Our detection approach and the performance test results will be presented in this paper.

查看原文本刊更多论文

层次资源上XACML策略的冲突检测方法

组织协作考虑使用XACML(可扩展访问控制标记语言)指定协作中资源的访问控制策略。这就产生了两个问题，一是协作中使用的XACML策略可能会与组织的原始策略发生冲突，二是许多组织拥有大量的资源，而这些资源被组织成层次结构。这两个问题使得检测大量资源上的冲突成为一项挑战。在本文中，我们将提出一种假定的组织协作模式，我们的冲突检测方法就是基于这种模式。我们将提出一种基于模型检查的方法来检测组织的原始XACML策略与组织协作的目标XACML策略之间的冲突。我们在XACML策略中处理两种冲突，即角色的授权冲突和资源上的条件冲突。本文将介绍我们的检测方法和性能测试结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE/ACM International Conference on Green Computing and Communications

自引率

0.00%

发文量