Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies

LAUR Repository

dc.contributor.author Jebbaoui, Hussein
dc.contributor.author Mourad, Azzam
dc.contributor.author Otrok, Hadi
dc.contributor.author Haraty, Ramzi
dc.date.accessioned 2015-11-24T10:30:16Z
dc.date.available 2015-11-24T10:30:16Z
dc.date.copyright 2015
dc.date.issued 2015-11-24
dc.identifier.issn 0045-7906 en_US
dc.identifier.uri http://hdl.handle.net/10725/2671
dc.description.abstract XACML (eXtensible Access Control Markup Language) policies, which are widely adopted for defining and controlling dynamic access among Web/cloud services, are becoming more complex in order to handle the significant growth in communication and cooperation between individuals and composed services. However, the large size and complexity of these policies raise many concerns related to their correctness in terms of the presence of flaws, conflicts and redundancies. This paper addresses this problem by introducing a novel set- and semantics-based scheme that provides accurate and efficient analysis of XACML policies. First, our approach resolves the complexity of policies by elaborating an intermediate set-based representation to which the elements of XACML are automatically converted. Second, it allows the detection of flaws, conflicts and redundancies between rules by offering new mechanisms to analyze the meaning of policy rules through semantics verification by inference rule structure and deductive logic. All the approach components and algorithms realizing the proposed analysis semantics have been implemented in one development framework. Experiments carried out on synthetic and real-life XACML policies explore the relevance of our analysis algorithms with acceptable overhead. Please visit http://www.azzammourad.org/#projects to download the framework. en_US
dc.language.iso en en_US
dc.title Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies en_US
dc.type Article en_US
dc.description.version Published en_US
dc.author.school SAS en_US
dc.author.idnumber 200904853 en_US
dc.author.idnumber 199729410
dc.author.woa N/A en_US
dc.author.department Computer Science and Mathematics en_US
dc.description.embargo N/A en_US
dc.relation.journal Computers & Electrical Engineering en_US
dc.journal.volume 44 en_US
dc.article.pages 91-103 en_US
dc.keywords Web services security en_US
dc.keywords Access control en_US
dc.keywords Policy analysis en_US
dc.keywords Set theory en_US
dc.keywords Semantics en_US
dc.keywords XACML en_US
dc.identifier.doi http://dx.doi.org/10.1016/j.compeleceng.2014.12.012 en_US
dc.identifier.ctation Jebbaoui, H., Mourad, A., Otrok, H., & Haraty, R. (2015). Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies. Computers & Electrical Engineering, 44, 91-103. en_US
dc.author.email azzam.mourad@lau.edu.lb
dc.author.email rharaty@lau.edu.lb
dc.identifier.url http://www.sciencedirect.com/science/article/pii/S0045790614003218
dc.orcid.id https://orcid.org/0000-0001-9434-5322 en_US
dc.orcid.id https://orcid.org/0000-0002-6978-3627 en_US
