Title :
A Conflict Detection Approach for XACML Policies on Hierarchical Resources
Author_Institution :
Heidelberg Inst. for Theor. Studies (HITS), Heidelberg, Germany
Abstract :
Organizational collaborations consider specifying the access control policies of the resources in collaborations by XACML (eXtensible Access Control Markup Language). This gives rise to two problems: one is that the XACML policies used in collaborations will possibly have conflicts with the original policies of the organization; the other is that many organizations have a large number of resources, and these resources are organized into a hierarchical structure. These two problems make it a challenge to detect the conflicts on a large number of resources. In this paper we will present an assumed pattern of organizational collaboration on which our conflict detection approach is based. We will propose a model checking based approach to detect the conflicts between original XACML policies of an organization and target XACML policies of an organizational collaboration. We handle two sorts of conflicts in XACML policies, i.e. authorization conflict of roles and conditional conflicts on resources. Our detection approach and the performance test results will be presented in this paper.
Keywords :
XML; authorisation; formal verification; groupware; organisational aspects; access control policy; authorization conflict; conflict detection approach; extensible access control markup language; hierarchical resources; hierarchical structure; model checking; organizational collaborations; target XACML policy; Authorization; Boolean functions; Collaboration; Data structures; Model checking; Organizations; XACML; access control; model checking; policy conflict;
Conference_Title :
Green Computing and Communications (GreenCom), 2012 IEEE International Conference on
Conference_Location :
Besancon
Print_ISBN :
978-1-4673-5146-1
DOI :
10.1109/GreenCom.2012.124