TY - JOUR
T1 - From model-driven specification to design-level set-based analysis of XACML policies
AU - Mourad, Azzam
AU - Tout, Hanine
AU - Talhi, Chamseddine
AU - Otrok, Hadi
AU - Yahyaoui, Hamdi
N1 - Funding Information:
This work has been supported by the Associated Research Unit of the National Council for Scientific Research, CNRS-Lebanon, Lebanese American University (LAU), Khalifa University of Science, Technology & Research (KUSTAR), and NSERC Canada.
Publisher Copyright:
© 2015 Elsevier Ltd
PY - 2016/5/1
Y1 - 2016/5/1
N2 - With lot of hype surrounding policy-based computing, XACML (eXtensible Access Control Markup Language) has become the widely used de facto standard for managing access to open and distributed service-based environments like Web services. However, like any other policy language, XACML has complex syntax, which makes the policies specification process both time consuming and error prone, especially with large size policies that govern complex systems. Moreover, with the diversity of rules and conditions, hidden conflicts, redundancies and access flaws are more likely to arise, which expose Web services to security breaches at runtime. This paper proposes a UML profile that allows systematic model-driven specification of XACML policies to resolve the complexity of policies designation. Based on mathematical sets that explore the rules meanings, the paper provides also a design-level analysis to detect anomalies in the specified policies, prior to their enforcement in the system. A real life case study demonstrates the feasibility and efficiency of the proposition.
AB - With lot of hype surrounding policy-based computing, XACML (eXtensible Access Control Markup Language) has become the widely used de facto standard for managing access to open and distributed service-based environments like Web services. However, like any other policy language, XACML has complex syntax, which makes the policies specification process both time consuming and error prone, especially with large size policies that govern complex systems. Moreover, with the diversity of rules and conditions, hidden conflicts, redundancies and access flaws are more likely to arise, which expose Web services to security breaches at runtime. This paper proposes a UML profile that allows systematic model-driven specification of XACML policies to resolve the complexity of policies designation. Based on mathematical sets that explore the rules meanings, the paper provides also a design-level analysis to detect anomalies in the specified policies, prior to their enforcement in the system. A real life case study demonstrates the feasibility and efficiency of the proposition.
KW - Access control
KW - Design-level analysis
KW - Logical deductions
KW - Model-driven specification
KW - Web services security
KW - XACML policies
UR - http://www.scopus.com/inward/record.url?scp=84952845717&partnerID=8YFLogxK
U2 - 10.1016/j.compeleceng.2015.09.021
DO - 10.1016/j.compeleceng.2015.09.021
M3 - Article
AN - SCOPUS:84952845717
SN - 0045-7906
VL - 52
SP - 65
EP - 79
JO - Computers and Electrical Engineering
JF - Computers and Electrical Engineering
ER -