论文信息 - Reasoning about XACML policies using CSP

Reasoning about XACML policies using CSP

In this work we explore the use of process algebra in formalising and analysing access control policies. We do this by considering a standard access control language (XACML) and show how the core concepts in the language can be represented in CSP. We then show how properties of these policies may also be described in CSP, and how model checking may be used to verify that a policy meets the property.We further consider how we may introduce a notion of workflow into this framework, and show that a simple appreciation of the workflow context may limit the things we need to verify about a policy.

Jeremy Bryans | J. Bryans

[1] Michael Carl Tschantz,et al. Verification and change-impact analysis of access-control policies , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[2] Peter Y. A. Ryan,et al. Mathematical Models of Computer Security , 2000, FOSAD.

[3] Andrew William Roscoe,et al. The Theory and Practice of Concurrency , 1997 .

[4] Bill Roscoe,et al. Web Services Security: a preliminary study using Casper and FDR , 2004 .

[5] Peter Y. A. Ryan,et al. A Process Algebraic Approach to Security Policies , 2002, DBSec.

[6] Pierre-Yves Schobbens,et al. Model-Checking Access Control Policies , 2004, ISC.

[7] Andrew D. Gordon,et al. A semantics for web services authentication , 2004, Theor. Comput. Sci..

[8] Sabrina De Capitani di Vimercati,et al. Access control: principles and solutions , 2003, Softw. Pract. Exp..

[9] Mark Ryan,et al. Synthesising verified access control systems in XACML , 2004, FMSE '04.

[10] Michael Goldsmith,et al. Modelling and analysis of security protocols , 2001 .

[11] Steve A. Schneider,et al. Concurrent and Real-time Systems: The CSP Approach , 1999 .

[12] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .