Advantages of a non-technical XACML notation in role-based models

Stepien, Bernard; Matwin, Stan; Felty, Amy P.

doi:10.1109/pst.2011.5971983

Cited by 20 publications

(13 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Stepien et al [11] on the other hand proposes a human readable form of a policy language. Unlike the previous policy templates, this is based on a well known standard XACML [31], [32].…”

Section: Literature Reviewmentioning

confidence: 99%

A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud

Ali

Moreau

2013

2013 International Conference on Cloud and Green Computing

View full text Add to dashboard Cite

Abstract-Provenance plays a pivotal in tracing the origin of something and determining how and why something had occurred. With the emergence of the cloud and the benefits it encompasses, there has been a rapid proliferation of services being adopted by commercial and government sectors. However, trust and security concerns for such services are on an unprecedented scale. Currently, these services expose very little internal working to their customers; this can cause accountability and compliance issues especially in the event of a fault or error, customers and providers are left to point finger at each other. Provenance-based traceability provides a mean to address part of this problem by being able to capture and query events occurred in the past to understand how and why it took place. However, due to the complexity of the cloud infrastructure, the current provenance models lack the expressibility required to describe the inner-working of a cloud service. For a complete solution, a provenance-aware policy language is also required for operators and users to define policies for compliance purpose. The current policy standards do not cater for such requirement.To address these issues, in this paper we propose a provenance (traceability) model cProv, and a provenance-aware policy language (cProvl) to capture traceability data, and express policies for validating against the model. For implementation, we have extended the XACML3.0 architecture to support provenance, and provided a translator that converts cProvl policy and request into XACML type.

show abstract

“…Stepien et al [11] on the other hand proposes a human readable form of a policy language. Unlike the previous policy templates, this is based on a well known standard XACML [31], [32].…”

Section: Literature Reviewmentioning

confidence: 99%

A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud

Ali

Moreau

2013

2013 International Conference on Cloud and Green Computing

View full text Add to dashboard Cite

show abstract

“…In [17] we have proposed a metric to measure the impact of policy specification styles that compared two opposing styles: the use of simple conjunctions of attribute conditions and the use of complex conditions using combinations of conjunctions and disjunctions of attribute conditions. If a policy set has n attributes a 1, …, a n with corresponding n a1 , …, n an possible values v for each attribute (size of alphabet), the number of policies np required to cover the entire permission space is the number of combinations between attributes and their values:…”

Section: Performance Measurementmentioning

confidence: 99%

“…In [17] we used a concrete small example of 18 policies that were automatically generated using the combinations of values of 3 attributes X, Y, Z that each have alphabets of {10, 20, 30}, {"a", "b", "c"}, {true, false}, respectively, as follows:…”

Section: Policy Compression Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

An Algorithm for Compression of XACML Access Control Policy Sets by Recursive Subsumption

Stepien

Matwin

Felty

2012

2012 Seventh International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-Policy administrators increasingly face the challenge of managing large policy bases, and this need becomes more acute with the growing importance of fine-grained access control models, e.g. ABAC. We have shown in previous work that simple policies mostly based on conjunctions of single attribute conditions, can be merged into more complex conditions composed of combinations of conjunctions and disjunctions of attribute/value pairs. Here, we propose an algorithm that uses a recursive process of subsumption applied on the original set of policies that results in a complex and short policy, often significantly compressing the original policy. We present this algorithm, and discuss the advantages of this approach, i.e. its performance when working on the policy structures encountered in real-life policy sets, its scalability, and its ability to deal with large alphabet sets.

show abstract

“…Inglesant et al [8] have presented a constrained natural language to ease the understanding of authorization policies. Stiepen et al [9] worked on a non technical notation to facilitate the understanding of XACML authorization policies. All these works are important to help people to understand the risks they face and to let technical documents like privacy policies or authorization policies understandable to everyone.…”

Section: Introductionmentioning

confidence: 99%

KAPUER: A Decision Support System for Privacy Policies Specification

Oglaza¹,

Zaraté²,

Laborde³

2014

Ann. Data. Sci.

View full text Add to dashboard Cite

International audienceWe are using more and more devices connected to the Internet. Our smartphones, tablets and now everyday items can share data to make our life easier. Sharing data may harm our privacy and there is a need to control them. However, this task is complex especially for non technical users. To facilitate this task, we present a decision support system, named KAPUER, that proposes high level authorization policies by learning users’ privacy preferences. KAPUER has been integrated into XACML and three learning algorithms have been evaluated

show abstract

Advantages of a non-technical XACML notation in role-based models

Cited by 20 publications

References 15 publications

A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud

A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud

An Algorithm for Compression of XACML Access Control Policy Sets by Recursive Subsumption

KAPUER: A Decision Support System for Privacy Policies Specification

Contact Info

Product

Resources

About