Title :
An Algorithm for Compression of XACML Access Control Policy Sets by Recursive Subsumption
Author :
Stepien, Bernard ; Matwin, Stan ; Felty, Amy
Author_Institution :
Sch. of Inf. Technol. & Eng., Univ. of Ottawa, Ottawa, ON, Canada
Abstract :
Policy administrators increasingly face the challenge of managing large policy bases, and this need becomes more acute with the growing importance of fine-grained access control models, e.g. ABAC. We have shown in previous work that simple policies mostly based on conjunctions of single attribute conditions, can be merged into more complex conditions composed of combinations of conjunctions and disjunctions of attribute/value pairs. Here, we propose an algorithm that uses a recursive process of subsumption applied on the original set of policies that results in a complex and short policy, often significantly compressing the original policy. We present this algorithm, and discuss the advantages of this approach, i.e. its performance when working on the policy structures encountered in real-life policy sets, its scalability, and its ability to deal with large alphabet sets.
Keywords :
XML; authorisation; formal languages; ABAC; XACML access control policy set compression; alphabet sets; attribute pairs; large policy base management; policy structures; recursive subsumption; value pairs; Access control; Availability; Merging; Scalability; Specification languages; Standardization; XML; XACML; access control; subsumption algorithm;
Conference_Titel :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
DOI :
10.1109/ARES.2012.38
