Abstract
Policy-based systems rely on the separation of concerns: a software system and its associated security policy are implemented independently.
XACML (eXtensible Access Control Markup Language) proposes a conceptual architecture and a policy language to reflect this ideal design of policy-based systems. However, while rights are well captured by authorizations, duties, also called obligations, are not well managed by the XACML architecture. The current version of XACML lacks (1) a well-defined syntax to express obligations and (2) a unified model to handle decision making with respect to obligation states and the history of obligation fulfillment/violation. In this work, we propose an extension of the XACML reference model that integrates obligation states in the decision-making process. We have extended the XACML language and architecture for better obligation support and have shown how obligations are managed in our proposed extended XACML architecture: OB-XACML.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
El Kateb, D., ElRakaiby, Y., Mouelhi, T., Rubab, I., Le Traon, Y. (2015). Towards a Full Support of Obligations in XACML. In: Lopez, J., Ray, I., Crispo, B. (eds) Risks and Security of Internet and Systems. CRiSIS 2014. Lecture Notes in Computer Science(), vol 8924. Springer, Cham. https://doi.org/10.1007/978-3-319-17127-2_14
DOI: https://doi.org/10.1007/978-3-319-17127-2_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17126-5
Online ISBN: 978-3-319-17127-2
eBook Packages: Computer Science, Computer Science (R0)