A Formal Validation Approach for XACML 3.0 Access Control Policy

Caserio, Carmine; Lonetti, Francesca; Marchetti, Eda

doi:10.3390/s22082984

Cited by 3 publications

(1 citation statement)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This section explains the essential access control components [7], briefly described below: Policies: a policy on access control describes the rules governing the access of subjects to resources. It is a physical expression of the subject's authorised behaviour towards the resource, also known as access control policy (subject-tuple, resource-tuple, operation-tuple, environment-tuple, state).…”

Section: Access Control Componentsmentioning

confidence: 99%

Enhanced Adaptable and Distributed Access Control Decision Making Model Based on Machine Learning for Policy Conflict Resolution in BYOD Environment

Ayedh M,

Wahab,

Idris

2023

Applied Sciences

View full text Add to dashboard Cite

Organisations are adopting new IT strategies such as “Bring Your Own Device” (BYOD) and remote working. These trends are highly beneficial both for enterprise owners and employees in terms of increased productivity and reduced costs. However, security issues such as unauthorised access as well as privacy concerns pose significant obstacles. These can be overcome by adopting access control techniques and a dynamic security and privacy policy that governs these issues where they arise. Policy decision points in traditional access control systems, such as role-based access control (RBAC), attribute-based access control (ABAC), or relationship-based access control (ReBAC), may be limited because the status of access control can vary in response to minor changes in user and resource properties. As a result, system administrators rely on a solution for constructing complex rules with many conditions and permissions for decision control. This results in access control issues, including policy conflicts, decision-making bottlenecks, delayed access response times and mediocre performance. This paper proposes a policy decision-making and access control-based supervised learning algorithm. The algorithm enhances policy decision points (PDPs). This is achieved by transforming the PDP’s problem into a binary classification for security access control that either grants or denies access requests. Also, a vector decision classifier based on the supervised machine learning algorithm is developed to generate an accurate, effective, distributed and dynamic policy decision point (PDP). Performance was evaluated using the Kaggle-Amazon access control policy dataset, which compared the effectiveness of the proposed mechanism to previous research benchmarks in terms of performance, time and flexibility. The proposed solution obtains a high level of privacy for access control policies because the PDP does not communicate directly with the policy administration point (PAP). In conclusion, PDP-based ML generates accurate decisions and can simultaneously fulfill multiple massive policies and huge access requests with 95% Accuracy in a short response time of around 0.15 s without policy conflicts. Access control security is improved by making it dynamic, adaptable, flexible and distributed.

show abstract

Section: Access Control Componentsmentioning

confidence: 99%

Enhanced Adaptable and Distributed Access Control Decision Making Model Based on Machine Learning for Policy Conflict Resolution in BYOD Environment

Ayedh M,

Wahab,

Idris

2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

A Bi-directional Attribute Synchronization Mechanism for Access Control in IoT Environments

Cremonezi

Rocha

Vieira

et al. 2023

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization

Cutler,

Disselkoen,

Eline

et al. 2024

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Cedar is a new authorization policy language designed to be ergonomic, fast, safe, and analyzable. Rather than embed authorization logic in an application’s code, developers can write that logic as Cedar policies and delegate access decisions to Cedar’s evaluation engine. Cedar’s simple and intuitive syntax supports common authorization use-cases with readable policies, naturally leveraging concepts from role-based, attribute-based, and relation-based access control models. Cedar’s policy structure enables access requests to be decided quickly. Cedar’s policy validator leverages optional typing to help policy writers avoid mistakes, but not get in their way. Cedar’s design has been finely balanced to allow for a sound and complete logical encoding, which enables precise policy analysis, e.g., to ensure that when refactoring a set of policies, the authorized permissions do not change. We have modeled Cedar in the Lean programming language, and used Lean’s proof assistant to prove important properties of Cedar’s design. We have implemented Cedar in Rust, and released it open-source. Comparing Cedar to two open-source languages, OpenFGA and Rego, we find (subjectively) that Cedar has equally or more readable policies, but (objectively) performs far better.

show abstract

A Formal Validation Approach for XACML 3.0 Access Control Policy

Cited by 3 publications

References 40 publications

Enhanced Adaptable and Distributed Access Control Decision Making Model Based on Machine Learning for Policy Conflict Resolution in BYOD Environment

Enhanced Adaptable and Distributed Access Control Decision Making Model Based on Machine Learning for Policy Conflict Resolution in BYOD Environment

A Bi-directional Attribute Synchronization Mechanism for Access Control in IoT Environments

Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization

Contact Info

Product

Resources

About