Abstract
The importance of XACML (eXtensible Access Control Markup Language) policies for access control is growing rapidly, particularly in web services. XACML policies are web access control policies that permit legitimate users to access resources and deny illegitimate ones. Writing these policies correctly is essential to avoid security leaks. Detecting and correcting inconsistencies in access control policies is time-consuming and tedious when the policies are large, and doing so at execution time costs even more time and effort. The purpose of this work is to devise an anomaly detection and correction tool that is applied while policies are being designed, so as to reduce that time and effort. With our XACML Policy Analyzer tool, a policy designer can readily discover and resolve inconsistencies such as conflicts and redundancies in XACML policies.
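The two anomaly classes named in the abstract can be checked at design time by parsing the rule targets and comparing them pairwise. The following is an added example written for this page, not the authors' XACML Policy Analyzer: it builds a constructed XACML 2.0 policy (the hospital-record rules, the attribute ids and the helper names are assumptions) under the first-applicable rule-combining algorithm, reduces each rule's target to per-category value sets, and reports a conflict where two rules with different Effects can match the same request, and a redundancy where a later rule is fully covered by an earlier rule of the same Effect and can therefore never fire. Only string-equal matches are modelled; the pairwise check does not detect a rule covered by the union of several earlier rules.

```python
"""Design-time anomaly check for a small XACML 2.0 policy (illustrative)."""
import xml.etree.ElementTree as ET
from itertools import combinations

XACML = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
STRING = "http://www.w3.org/2001/XMLSchema#string"
STR_EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
# Category container -> (item tag, match tag, designator tag), XACML 2.0 names.
CATEGORIES = {
    "Subjects": ("Subject", "SubjectMatch", "SubjectAttributeDesignator"),
    "Resources": ("Resource", "ResourceMatch", "ResourceAttributeDesignator"),
    "Actions": ("Action", "ActionMatch", "ActionAttributeDesignator"),
}


def rule_xml(rule_id, effect, **matches):
    """Emit one XACML 2.0 <Rule>. Each keyword is a category name mapped to the
    string-equal values it accepts; an omitted category means 'any value'.
    Helper used only to build the constructed sample below (assumed layout)."""
    parts = [f'<Rule RuleId="{rule_id}" Effect="{effect}"><Target>']
    for cat, values in matches.items():
        item, match, desig = CATEGORIES[cat]
        parts.append(f"<{cat}>")
        for v in values:  # sibling <Subject>/<Resource>/<Action> = disjunction
            parts.append(
                f'<{item}><{match} MatchId="{STR_EQ}">'
                f'<AttributeValue DataType="{STRING}">{v}</AttributeValue>'
                f'<{desig} AttributeId="urn:example:{cat[:-1].lower()}" DataType="{STRING}"/>'
                f"</{match}></{item}>")
        parts.append(f"</{cat}>")
    parts.append("</Target></Rule>")
    return "".join(parts)


# Constructed sample policy (not from the paper): hospital record access.
SAMPLE_POLICY = (
    f'<Policy xmlns="{XACML}" PolicyId="records" RuleCombiningAlgId="{FIRST_APPLICABLE}"><Target/>'
    + rule_xml("r1", "Permit", Subjects=["doctor"], Resources=["record"])            # any action
    + rule_xml("r2", "Deny", Subjects=["doctor", "nurse"], Resources=["record"], Actions=["read", "write"])
    + rule_xml("r3", "Permit", Subjects=["doctor"], Resources=["record"], Actions=["read"])
    + rule_xml("r4", "Deny", Subjects=["guest"], Resources=["record"], Actions=["read"])
    + "</Policy>"
)


def parse_rules(policy_xml):
    """Return [(rule_id, effect, {category: frozenset | None})] in document order.
    None means the category is unconstrained and matches any request value."""
    ns = {"x": XACML}
    rules = []
    for rule in ET.fromstring(policy_xml).findall("x:Rule", ns):
        target = {}
        for cat in CATEGORIES:
            node = rule.find(f"x:Target/x:{cat}", ns)
            if node is None:
                target[cat] = None
            else:
                target[cat] = frozenset(av.text for av in node.iter(f"{{{XACML}}}AttributeValue"))
        rules.append((rule.get("RuleId"), rule.get("Effect"), target))
    return rules


def overlaps(a, b):
    """True if some request matches both targets (every category intersects)."""
    return all(a[c] is None or b[c] is None or bool(a[c] & b[c]) for c in CATEGORIES)


def covers(a, b):
    """True if every request matching target b also matches target a."""
    return all(a[c] is None or (b[c] is not None and b[c] <= a[c]) for c in CATEGORIES)


def find_anomalies(policy_xml):
    """Pairwise design-time check assuming first-applicable rule combining.
    Returns {'conflicts': [(earlier, later)], 'redundant': [(earlier, later)]}."""
    rules = parse_rules(policy_xml)
    conflicts, redundant = [], []
    for (id_i, eff_i, t_i), (id_j, eff_j, t_j) in combinations(rules, 2):
        if covers(t_i, t_j):  # r_j is unreachable: shadowed by the earlier r_i
            (redundant if eff_i == eff_j else conflicts).append((id_i, id_j))
        elif overlaps(t_i, t_j) and eff_i != eff_j:
            conflicts.append((id_i, id_j))
    return {"conflicts": conflicts, "redundant": redundant}


if __name__ == "__main__":
    print(find_anomalies(SAMPLE_POLICY))
```

On the sample, r1 (Permit doctor on record, any action) and r2 (Deny doctor or nurse read/write) overlap with different Effects, r2 fully covers r3 with a different Effect, and r1 covers r3 with the same Effect, so r3 is reported as redundant; r4 touches no other rule. A resolution the designer can apply on the spot is to delete r3 and decide explicitly whether r1 or r2 should win for doctors.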
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
Cite this paper
Priyadharshini, M., Yowan, J., Baskaran, R. (2014). Security Enhancement in Web Services by Detecting and Correcting Anomalies in XACML Policies at Design Level. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_12
DOI: https://doi.org/10.1007/978-3-662-44966-0_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44965-3
Online ISBN: 978-3-662-44966-0
eBook Packages: Computer Science, Computer Science (R0)