Formal representation of conflict zones in XACML access control systems

M. Yahiaoui, Ahmed Zinedine, M.-A. Harti
2012 Colloquium in Information Science and Technology. Publication date: 2012-12-24. Publication type: Journal Article. DOI: 10.1109/CIST.2012.6388075 (https://doi.org/10.1109/CIST.2012.6388075)

Citation count: 2

Abstract

In this work we propose a new approach for handling the problem of detection and resolution of conflicts/anomalies between XACML (eXtensible Access Control Markup Language) policies. We give more attention to the mathematical formalism of the problem. We introduce the notion of the canonical representation of the query space. This is a partition of the query space formed by authorization classes. Each authorization class groups queries that are intercepted by the same policies. This classification provides a natural way to handle interferences between policy targets (in other words, conflicts/anomalies). We then move the study of the problem from the whole query space to the elements of its canonical representation. Afterwards, we study the impact of adding and deleting policies from the policy repository on the canonical representation. This is important when this canonical representation is integrated as part of a framework for conflict detection and resolution in XACML access control systems.