XACML Policies for Exclusive Resource Usage

Dhankhar, Vijayant; Kaushik, Saket; Wijesekera, Duminda

doi:10.1007/978-3-540-73538-0_20

Cited by 6 publications

(6 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…He also provided the specifications of REA; in this way, XACML become more expressive access control language. [16] extended XACML syntax for supporting exclusive access to resources, and furthermore, add a lock manager to the policy enforcement module in order to enforce Chinese Wall constraints and DSoD. Bertino et al supported RBAC SoD in XACML in [17], but with OWL ontology, keeping user role activation state up-to-date in OWL ontology.…”

Section: Related Workmentioning

confidence: 98%

RBAC Constraints Specification and Enforcement in Extended XACML

Helil

Rahman

2010

2010 International Conference on Multimedia Information Networking and Security

View full text Add to dashboard Cite

Constraints are considered to be the principal motivation for RBAC model. XACML profile for RBAC can not meet the need of expressing static and dynamic RBAC constraints well. We give the XACML syntax of common static and dynamic Separation of Duty constraints and cardinality constraints of RBAC. We also complement Role Enablement Authority to extend this profile in order to enforce these constraints.

show abstract

Section: Related Workmentioning

confidence: 98%

RBAC Constraints Specification and Enforcement in Extended XACML

Helil

Rahman

2010

2010 International Conference on Multimedia Information Networking and Security

View full text Add to dashboard Cite

show abstract

“…A central lock manager, for example as suggested in [7], will then be required to ensure safe policy checks for concurrent authorisation requests, so that the SSD/DSD constraints ensure that less than a given number of sessions for a given role are active at the same time. This central lock manager needs to be extended to block updates of sessions and their roles by the REA and the Identity Manager during checking of SSD/DSD constraints to avoid race conditions that could violate the constraints.…”

Section: Spatial Separation Of Duties Constraints In Geoxacmlmentioning

confidence: 99%

Mobile Security with Location-Aware Role-Based Access Control

Ulltveit-Moe

Oleshchuk

2012

Security and Privacy in Mobile Information and Communication Systems

View full text Add to dashboard Cite

Abstract. This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location dependent access control and also other security enhancing solutions on mobile devices, like location dependent device locking, firewall, intrusion prevention or payment anti-fraud systems.

show abstract

“…In this aspect, our work provides a complete end to end security cover for workflows. Because we use XACML based policies for expressing security requirements, we can utilize earlier extensions like the lock manager enhancements by Dhankhar et al [11] to enforce RBAC-like authorization constraints.…”

Section: Related Workmentioning

confidence: 99%

“…Dhankhar et al have extended reference XACML implementation [26] with extensions to enforce exclusive use [11] and distributed policy evaluation [12] within a nested transaction tree framework. This paper extends their work to fully distribute evaluation and enforcement of XACML policies.…”

Section: Related Workmentioning

confidence: 99%

“…In this paper we supply the necessary extensions to V. Atluri current XACML standard and reference implementation to be able to evaluate and enforce XACML policies in a fully-distributed manner. We enhance our previous [11,12] work in achieving this objective in this paper by passing sufficient contextual information between XCAML PDPs and PEPs so that the passed information contain sufficient information to control the distrbuted usage of resources such as flow control ans synhronization. Such techniques can be used in more contemporary workflow languages like BPEL.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Securing Workflows with XACML, RDF and BPEL

Dhankhar

Kaushik

Wijesekera

2008

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. The XACML is the access controller of the World Wide Web (WWW). The current reference implementation has a single policy decision point and a policy enforcement point. If XACML policies are used to control workflow among cooperating web services, such as those envisioned in more contemporary languages like (BPEL), it requires coordination to be policy compliant. We propose the necessary enhancements required to do so by passing contextual information that are needed for the requester to evaluate an access control decision as opposed to the standard four decision values of permit, deny, indeterminate to make a decision and an unforeseeable error occurred during evaluation. Proposed contextual information is sufficient to coordinate and if necessary synchronize among coordinating policy enforcement points distributed among the WWW. We show how the contextual information can be constructed and verified using the Resource Description Framework (RDF) and the coordination implemented using BPEL.

show abstract

XACML Policies for Exclusive Resource Usage

Abstract: Abstract. The extensible access control markup language (XACML) is the standard access control policy specification language of the World Wide Web. XACML does not provide exclusive accesses to globally resources. We do so by enhancing the policy execution framework with locks.

Cited by 6 publications

References 9 publications

RBAC Constraints Specification and Enforcement in Extended XACML

RBAC Constraints Specification and Enforcement in Extended XACML

Mobile Security with Location-Aware Role-Based Access Control

Securing Workflows with XACML, RDF and BPEL

Contact Info

Product

Resources

About