Policy filtering with XACML
Data(s) |
2011
|
---|---|
Resumo |
This paper presents a modified approach to evaluate access control policy similarity and dissimilarity based on the proposal by Lin et al. (2007). Lin et al.'s policy similarity approach is intended as a filter stage which identifies similar XACML policies that can be analysed further using more computationally demanding techniques based on model checking or logical reasoning. This paper improves the approach of computing similarity of Lin et al. and also proposes a mechanism to calculate a dissimilarity score by identifying related policies that are likely to produce different access decisions. Departing from the original algorithm, the modifications take into account the policy obligation, rule or policy combining algorithm and the operators between attribute name and value. The algorithms are useful in activities involving parties from multiple security domains such as secured collaboration or secured task distribution. The algorithms allow various comparison options for evaluating policies while retaining control over the restriction level via a number of thresholds and weight factors. |
Formato |
application/pdf |
Identificador | |
Publicador |
Technical Report : Information Security Institute, Queensland University of Technology |
Relação |
http://eprints.qut.edu.au/41533/1/PolicyFilteringWithXACML.pdf http://www.isi.qut.edu.au/ Pham, Quan, Reid, Jason, & Dawson, Ed (2011) Policy filtering with XACML. Technical Report : Information Security Institute, Queensland University of Technology. |
Direitos |
Copyright 2011 The Authors |
Fonte |
Faculty of Science and Technology; Information Security Institute |
Palavras-Chave | #080303 Computer System Security #080404 Markup Languages #Similarity #Dissimilarity #Relatedness #Relevance #Policy Evaluation #Policy Management #XACML #Access Control |
Tipo |
Report |