Developing and Enforcing Policies for Access Control, Resource Usage, and Adaptation

– A Practical Approach –
  • Andrea Margheri
  • Massimiliano Masi
  • Rosario Pugliese
  • Francesco Tiezzi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8379)


Policy-based software architectures are now widely used to regulate different aspects of a system's behavior, such as access control, resource usage, and adaptation. Several languages and technologies have been proposed for this purpose, e.g., the standard XACML. However, developing real-world systems with such approaches is still a tricky task, as they are complex and error-prone. To overcome these difficulties, we advocate the use of FACPL, a formal policy language inspired by, but simpler than, XACML. FACPL has an intuitive syntax, a mathematical semantics, and easy-to-use software tools supporting policy development and enforcement. We illustrate the potential and effectiveness of our approach through a case study from the Cloud computing domain.


Keywords: Cloud Computing, Policy Language, Service Level Agreement, Cloud System, Access Control Policy



Copyright information

© Science and Engineering Faculty 2014

Authors and Affiliations

  • Andrea Margheri (1, 2)
  • Massimiliano Masi (3)
  • Rosario Pugliese (1)
  • Francesco Tiezzi (4)
  1. Università degli Studi di Firenze, Firenze, Italy
  2. Università di Pisa, Pisa, Italy
  3. Tiani “Spirit” GmbH, Vienna, Austria
  4. IMT Advanced Studies Lucca, Lucca, Italy
