Security automata integrated XACML and security validation

Abstract

Extensible Access Control Markup Language is an OASIS ratified standard that defines and enforces control policies. XACML bases access control on static user or resource attributes, which fails for a large class of security policies. Security automata specify security policies that base decisions on changing user or resource states. This paper extends XACML to support security automata. We demonstrate the extended XACML on a location-aware application for connected vehicles. We analyze the security of the extended XACML system. We secure the system with TLS and verify the system security using the Failure Divergence Refinement (FDR) and Casper tools.