Abstract
We present a systematic technique for transforming XACML 3.0 policies into Answer Set Programming (ASP). We show that the resulting logic program has a unique answer set that directly corresponds to our formalisation of the standard semantics of XACML 3.0 from [9]. We demonstrate how our results make it possible to use off-the-shelf ASP solvers to formally verify properties of access control policies represented in XACML, such as checking the completeness of a set of access control policies and verifying policy properties.
References
1. Ahn, G.-J., Hu, H., Lee, J., Meng, Y.: Reasoning about XACML policy descriptions in answer set programming (preliminary report). In: NMR 2010 (2010)
2. Ahn, G.-J., Hu, H., Lee, J., Meng, Y.: Representing and reasoning about web access control policies. In: COMPSAC. IEEE Computer Society (2010)
3. Baral, C.: Knowledge Representation, Reasoning and Declarative Problem Solving. Cambridge University Press (2003)
4. Barker, S., Stuckey, P.J.: Flexible access control policy specification with constraint logic programming. TISSEC 6 (2003)
5. Bruns, G., Huth, M.: Access-control via Belnap logic: Effective and efficient composition and analysis. In: 21st IEEE Computer Security Foundations Symposium (2008)
6. Gelfond, M.: Handbook of knowledge representation. In: Porter, B., van Harmelen, F., Lifschitz, V. (eds.) Foundations of Artificial Intelligence, vol. 3, ch. Answer Sets, pp. 285–316. Elsevier (2007)
7. Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. In: Proceedings of ACM SIGMOD International Conference on Management of Data (1997)
8. Moses, T.: eXtensible Access Control Markup Language (XACML) version 2.0. Technical report, OASIS (August 2010), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
9. Kencana Ramli, C.D.P., Nielson, H.R., Nielson, F.: The logic of XACML. In: Arbab, F., Ölveczky, P.C. (eds.) FACS 2011. LNCS, vol. 7253, pp. 205–222. Springer, Heidelberg (2012)
10. Ramli, C.D.P.K., Nielson, H.R., Nielson, F.: XACML 3.0 in answer set programming – extended version. Technical report, arXiv.org (February 2013)
11. Rissanen, E.: eXtensible Access Control Markup Language (XACML) version 3.0 (committee specification 01). Technical report, OASIS (August 2010), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cs-01-en.pdf
12. Rissanen, E.: XACML v3.0 administration and delegation profile version 1.0 (committee specification 01). Technical report, OASIS (August 2010), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-administration-v1-spec-cs-01-en.pdf
13. Rissanen, E.: XACML v3.0 core and hierarchical role based access control (rbac) profile version 1.0 (committee specification 01). Technical report, OASIS (August 2010), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-rbac-v1-spec-cs-01-en.pdf
14. Samarati, P., de Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)
15. Simons, P., Niemelä, I., Soininen, T.: Extending and implementing the stable model semantics. Artificial Intelligence 138, 181–234 (2002)
16. Syrjänen, T.: Lparse 1.0 User’s Manual
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Kencana Ramli, C.D.P., Nielson, H.R., Nielson, F. (2013). XACML 3.0 in Answer Set Programming. In: Albert, E. (eds) Logic-Based Program Synthesis and Transformation. LOPSTR 2012. Lecture Notes in Computer Science, vol 7844. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38197-3_7
DOI: https://doi.org/10.1007/978-3-642-38197-3_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38196-6
Online ISBN: 978-3-642-38197-3
eBook Packages: Computer Science, Computer Science (R0)