Journal name: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Electronic ISSN: 1817-3195
Publication year: 2013
Volume: 49
Issue: 3
Publisher: Journal of Theoretical and Applied
Abstract: In this work we address the problem of detection and resolution of conflicts/anomalies between XACML (eXtensible Access Control Markup Language) access control policies. By conflict/anomaly we mean the case where several policies give conflicting answers (deny, allow) to the same access request. Indeed, this problem is foreseeable in policy-based access control systems in general. We give more attention to the mathematical formalism of the problem. We introduce the notion of the canonical representation of the query space. This is a partition of the query space formed by authorization classes. Each authorization class groups queries that are intercepted by the same policies. This classification provides a natural way to handle interferences between policy targets (in other words, conflicts/anomalies). We then move the study of the problem from the whole query space to the elements of its canonical representation. The final result of this work is a Framework for detection and resolution of conflicts/anomalies between XACML policies. This Framework, which is located in the PAP (Policy Administration Point), is responsible for generating a conflict-free representation from the initially provided policies. This representation is dynamically maintained and updated by the Framework following the addition, deletion or modification of policies.
Keywords: Access Control; XACML; Policy; Anomaly; Conflict; Anomaly Detection And Resolution; FIA Algebra; Canonical Representation