Policy Conflict Analysis Using Free Variable Tableaux for Access Control in Web Services Environments

Web Services technologies are now an active research area. By integrating individual existing web systems, the technology enables the provision of advanced and sophisticated services, such as allowing users to use different types of resources and services simultaneously in a simple procedure. However, managing and maintaining a large number of Web Services is not easy and, in particular, requires appropriate authorization policies to be defined in order to realize reliable and secure Web Services. The required authorization policies can be quite complex, resulting in unintended conflicts, which could cause information leaks or prevent access to needed information. This paper proposes an approach using free variable tableaux for detecting conflicts resulting from the combination of various kinds of authorization and constraint policies used in Web Services environments. The method not only enables static detection of policy conflicts, such as modality and static constraint conflicts, but also yields information that is helpful for correcting the policies.
