基于属性的RESTful服务访问控制语言与XACML的形式化比较

Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies Pub Date : 2016-06-06 DOI:10.1145/2914642.2914663

Marc Hüffmeyer, Ulf Schreier

{"title":"基于属性的RESTful服务访问控制语言与XACML的形式化比较","authors":"Marc Hüffmeyer, Ulf Schreier","doi":"10.1145/2914642.2914663","DOIUrl":null,"url":null,"abstract":"This work introduces RestACL - an access control language for RESTful Services - and compares it with XACML using formal methods. XACML is a generic approach that targets Attribute Based Access Control (ABAC) in general. RestACL is founded on the ideas of the ABAC model, too, but utilizes the concepts of REST enabling a quicker evaluation of access requests. This work gives a brief introduction over the main ideas of RestACL and proves its evidence by giving transformation rules to translate security policies from RestACL to XACML and vice versa. The formalized transformation descriptions show the expressive strength of RestACL, because they demonstrate that any generic ABAC policy written in XACML can be expressed with RestACL, too. The correctness and completeness of RestACL can be proved with the transformation rules, too.","PeriodicalId":388649,"journal":{"name":"Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Formal Comparison of an Attribute Based Access Control Language for RESTful Services with XACML\",\"authors\":\"Marc Hüffmeyer, Ulf Schreier\",\"doi\":\"10.1145/2914642.2914663\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This work introduces RestACL - an access control language for RESTful Services - and compares it with XACML using formal methods. XACML is a generic approach that targets Attribute Based Access Control (ABAC) in general. RestACL is founded on the ideas of the ABAC model, too, but utilizes the concepts of REST enabling a quicker evaluation of access requests. This work gives a brief introduction over the main ideas of RestACL and proves its evidence by giving transformation rules to translate security policies from RestACL to XACML and vice versa. The formalized transformation descriptions show the expressive strength of RestACL, because they demonstrate that any generic ABAC policy written in XACML can be expressed with RestACL, too. The correctness and completeness of RestACL can be proved with the transformation rules, too.\",\"PeriodicalId\":388649,\"journal\":{\"name\":\"Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies\",\"volume\":\"17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2914642.2914663\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2914642.2914663","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

本文介绍了RestACL——一种RESTful服务的访问控制语言——并将其与使用形式化方法的XACML进行了比较。XACML是一种针对基于属性的访问控制(ABAC)的通用方法。RestACL也是基于ABAC模型的思想，但它利用了REST的概念，可以更快地评估访问请求。本文简要介绍了RestACL的主要思想，并通过给出将安全策略从RestACL转换为XACML的转换规则来证明其证据。形式化的转换描述显示了RestACL的表达强度，因为它们证明了用XACML编写的任何通用ABAC策略也可以用RestACL表示。RestACL的正确性和完整性也可以用转换规则来证明。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Formal Comparison of an Attribute Based Access Control Language for RESTful Services with XACML

This work introduces RestACL - an access control language for RESTful Services - and compares it with XACML using formal methods. XACML is a generic approach that targets Attribute Based Access Control (ABAC) in general. RestACL is founded on the ideas of the ABAC model, too, but utilizes the concepts of REST enabling a quicker evaluation of access requests. This work gives a brief introduction over the main ideas of RestACL and proves its evidence by giving transformation rules to translate security policies from RestACL to XACML and vice versa. The formalized transformation descriptions show the expressive strength of RestACL, because they demonstrate that any generic ABAC policy written in XACML can be expressed with RestACL, too. The correctness and completeness of RestACL can be proved with the transformation rules, too.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies

自引率

0.00%

发文量