Abstract
Policy-based systems rely on the separation of concerns, by implementing independently a software system and its associated security policy.
XACML (eXtensible Access Control Markup Language) proposes a conceptual architecture and a policy language to reflect this ideal design of policy-based systems.However, while rights are well-captured by authorizations, duties, also called obligations, are not well managed by XACML architecture. The current version of XACML lacks (1) well-defined syntax to express obligations and (2) an unified model to handle decision making w.r.t. obligation states and the history of obligations fulfillment/violation. In this work, we propose an extension of XACML reference model that integrates obligation states in the decision making process. We have extended XACML language and architecture for a better obligations support and have shown how obligations are managed in our proposed extended XACML architecture: OB-XACML.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Zhang, X.: Formal model and analysis of usage control, Ph.D. dissertation (2006)
Li, N., Chen, H., Bertino, E.: On practical specification and enforcement of obligations. In: CODASPY, pp. 71–82 (2012)
Elrakaiby, Y., Cuppens, F., Cuppens-Boulahia, N.: Formal enforcement and management of obligation policies. Data Knowl. Eng. 71(1), 127–147 (2012)
Elrakaiby, Y., Mouelhi, T., Traon, Y.L.: Testing obligation policy enforcement using mutation analysis. In: ICST, pp. 673–680 (2012)
Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C., Loingtier, J.-M., Irwin, J.: Aspect-oriented programming. In: Akşit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220–242. Springer, Heidelberg (1997)
e-Ghazia, U., Masood, R., Shibli, M.A., Bilal, M.: Usage control model specification in XACML policy language. In: Cortesi, A., Chaki, N., Saeed, K., Wierzchoń, S. (eds.) CISIM 2012. LNCS, vol. 7564, pp. 68–79. Springer, Heidelberg (2012)
Maurizio Colombo, F.M., Lazouski, A., Mori, P.: A proposal on enhancing xacml with continuous usage control features. In: Desprez, F., Getov, V., Priol, T., Yahyapour, R. (eds.) Grids, P2P and Services Computing. Springer, USA (2010)
Lazouski, A., Martinelli, F., Mori, P.: A prototype for enforcing usage control policies based on XACML. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 79–92. Springer, Heidelberg (2012)
Kateb, D.E., Mouelhi, T., Traon, Y.L., Hwang, J., Xie, T.: Refactoring access control policies for performance improvement. In: ICPE, pp. 323–334 (2012)
Hwang, J., Xie, T., Kateb, D.E., Mouelhi, T., Traon, Y.L.: Selection of regression system tests for security policy evolution. In: ASE, pp. 266–269 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
El Kateb, D., ElRakaiby, Y., Mouelhi, T., Rubab, I., Le Traon, Y. (2015). Towards a Full Support of Obligations in XACML. In: Lopez, J., Ray, I., Crispo, B. (eds) Risks and Security of Internet and Systems. CRiSIS 2014. Lecture Notes in Computer Science(), vol 8924. Springer, Cham. https://doi.org/10.1007/978-3-319-17127-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-17127-2_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17126-5
Online ISBN: 978-3-319-17127-2
eBook Packages: Computer ScienceComputer Science (R0)