Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Conformance Checking of Access Control Policies Specified in XACML

Published

Author(s)

Vincent C. Hu, Evan Martin, Tao Xie

Abstract

Access control is one of the most fundamental and widely used security mechanisms. Access control mechanisms control which principals such as users or processes have access to which resources in a system. To facilitate managing and maintaining access control, access control policies are increasingly written in specification languages such as XACML. The specification of access control policies itself is often a challenging problem. Furthermore, XACML is intentionally designed to be generic: it provides the freedom in describing access control policies, which are well-known or invented ones. But the flexibility and expressiveness provided by XACML come at the cost of complexity, verbosity, and lack of desirable-property enforcement. Often common properties for specific access control policies may not be satisfied when these policies are specified in XACML, causing the discrepancy between what the policy authors intend to specify and what the actually specified XACML policies reflect. In this position paper, we propose an approach for conducting conformance checking of access control policies specified in XACML based on existing verification and testing tools for XACML policies.
Conference Location
, USA
Conference Title
First IEEE International Workshop on Security in Software Engineering (IWSSE)

Keywords

access control, access control policy, grid computing, trust domain

Citation

Hu, V. , Martin, E. and Xie, T. (2007), Conformance Checking of Access Control Policies Specified in XACML, First IEEE International Workshop on Security in Software Engineering (IWSSE), , USA, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51160 (Accessed November 20, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created July 23, 2007, Updated October 12, 2021