论文信息 - The Logic of XACML

The Logic of XACML

We study the international standard XACML 3.0 for describing security access control policy in a compositional way. Our main contribution is to derive a logic that precisely captures the idea behind the standard and to formally define the semantics of the policy combining algorithms of XACML. To guard against modelling artefacts we provide an alternative way of characterizing the policy combining algorithms and we formally prove the equivalence of these approaches. This allows us to pinpoint the shortcoming of previous approaches to formalization based either on Belnap logic or on \(\mathcal{D}\)-algebra.

Flemming Nielson | Hanne Riis Nielson | Carroline Dewi Puspa Kencana Ramli

[1] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[2] Michael Huth,et al. A simple and expressive semantic framework for policy composition in access control , 2007, FMSE '07.

[3] Flemming Nielson,et al. Advice from Belnap Policies , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[4] Joseph Y. Halpern,et al. Using First-Order Logic to Reason about Policies , 2008, TSEC.

[5] Michael Huth,et al. Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[6] Mark Evered,et al. A Case Study in Access Control Requirements for a Health Information System , 2004, ACSW.

[7] Gail-Joon Ahn,et al. Reasoning about XACML Policy Descriptions in Answer Set Programming ( Preliminary Report ) , 2010 .

[8] Jorge Lobo,et al. D-algebra for composing access control policy decisions , 2009, ASIACCS '09.

[9] Paul Montague,et al. Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32 , 2004 .

[10] Bijan Parsia,et al. Formalizing XACML Using Defeasible Description Logics , 2007 .

[11] Nuel D. Belnap,et al. A Useful Four-Valued Logic , 1977 .