Formalisation and Implementation of the XACML Access Control Mechanism

  • Massimiliano Masi
  • Rosario Pugliese
  • Francesco Tiezzi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7159)


We propose a formal account of XACML, an OASIS standard adhering to the Policy Based Access Control model for the specification and enforcement of access control policies. To clarify all ambiguous and intricate aspects of XACML, we provide it with a more manageable alternative syntax and with a solid semantic ground. This lays the basis for developing tools and methodologies which allow software engineers to easily and precisely regulate access to resources using policies. To demonstrate feasibility and effectiveness of our approach, we provide a software tool, supporting the specification and evaluation of policies and access requests, whose implementation fully relies on our formal development.


PBAC XACML formal semantics CASE tools 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ferraiolo, D., Kuhn, R.: Role-based access control. In: NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)Google Scholar
  2. 2.
  3. 3.
    OASIS XACML TC: eXtensible Access Control Markup Language (XACML) version 2.0 (2005),
  4. 4.
    The epSOS project: A european ehealth project,
  5. 5.
    The Nationwide Health Information Network (NHIN): an American eHealth Project (2009),
  6. 6.
    OASIS: Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare v1.0 (2009),
  7. 7.
    OASIS Security Services TC: Assertions and protocols for the OASIS security assertion markup language (SAML) v2.02 (2005),
  8. 8.
    Namli, T., Dogac, A.: Implementation Experiences On IHE XUA and BPPC. Technical report, Software Research and Development Center, Middle East Technical University Ankara (December 2006)Google Scholar
  9. 9.
    Universidad de Murcia: UMU-XACML-Editor (2008),
  10. 10.
    Bradner, S.: Key words for use in rfcs to indicate requirement levels (1997)Google Scholar
  11. 11.
    Kolovski, V., Hendler, J.A., Parsia, B.: Analyzing web access control policies. In: WWW, pp. 677–686. ACM (2007)Google Scholar
  12. 12.
    Bryans, J.: Reasoning about XACML policies using CSP. In: SWS, pp. 28–35. ACM (2005)Google Scholar
  13. 13.
    Hoare, C.: Commmunicating Sequential Processes. Prentice-Hall (1985)Google Scholar
  14. 14.
    Bryans, J., Fitzgerald, J.S.: Formal Engineering of XACML Access Control Policies in VDM++. In: Butler, M., Hinchey, M.G., Larrondo-Petrie, M.M. (eds.) ICFEM 2007. LNCS, vol. 4789, pp. 37–56. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Fitzgerald, J., Larsen, P., Mukherjee, P., Plat, N., Verhoef, M.: Validated Designs for Object-oriented Systems. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  16. 16.
    Zhang, N., Ryan, M., Guelev, D.P.: Evaluating Access Control Policies through Model Checking. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 446–460. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Zhang, N., Ryan, M., Guelev, D.P.: Synthesising verified access control systems in XACML. In: FMSE, pp. 56–65. ACM (2004)Google Scholar
  18. 18.
    Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: ICSE, pp. 196–205. ACM (2005)Google Scholar
  19. 19.
    Tschantz, M.C., Krishnamurthi, S.: Towards reasonability properties for access-control policy languages. In: SACMAT, pp. 160–169. ACM (2006)Google Scholar
  20. 20.
    OASIS XACML TC: Available XACML Implementations (2011), (last visited September 21, 2011)
  21. 21.
    Proctor, S.: SUN XACML (2011), (last visited September 21, 2011)
  22. 22.
    The Herasaf consortium: HERASAF,
  23. 23.
    Liu, A.X., Chen, F., Hwang, J., Xie, T.: Xengine: a fast and scalable XACML policy evaluation engine. In: SIGMETRICS, pp. 265–276. ACM (2008)Google Scholar
  24. 24.
    ISSRG: The Modular PERMIS Project,
  25. 25.
    Foster, I.T.: Globus toolkit version 4: Software for service-oriented systems. J. Comput. Sci. Technol. 21(4), 513–520 (2006)CrossRefGoogle Scholar
  26. 26.
    Barton, T., et al.: Identity federation and attribute-based authorization through the globus toolkit, shibboleth, gridshib, and myproxy. Technical report, National Center for Supercomputing Applications, University of Illinois (2006)Google Scholar
  27. 27.
    Chadwick, D.W., Zhao, G., Otenko, S., Laborde, R., Su, L., Nguyen, T.A.: Permis: a modular authorization infrastructure. Concurrency and Computation: Practice and Experience 20(11), 1341–1357 (2008)CrossRefGoogle Scholar
  28. 28.
    Masi, M., Pugliese, R., Tiezzi, F.: Formalisation and Implementation of the XACML Access Control Mechanism (full version). Technical report, Dipartimento di Sistemi e Informatica, Univ. Firenze (2011),
  29. 29.
    Clark, J., DeRose, S.: XML Path Language (XPath) version 1.0 (1999),
  30. 30.
    The IHE Initiative: IT Infrastructure Technical Framework (2009),
  31. 31.
    Health Level Seven organization: Hl7 standards (2009),
  32. 32.
    The Regenstrief Institute: Logical observation identifiers names and codes (LOINC),
  33. 33.
    IEEE Computer Society: IEEE Standard for Binary Floating-Point Arithmetic IEEE Product No. SH10116-TBR (1985)Google Scholar
  34. 34.
    Parr, T.J., Quong, R.W.: ANTLR: A Predicated-LL(k) Parser Generator. Software Practice and Experience 25, 789–810 (1994)CrossRefGoogle Scholar
  35. 35.
    Saltzer, J.H.: Protection and the Control of Information Sharing in Multics. Commun. ACM 17, 388–402 (1974)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Massimiliano Masi
    • 1
    • 2
  • Rosario Pugliese
    • 2
  • Francesco Tiezzi
    • 3
  1. 1.Tiani “Spirit” GmbHViennaAustria
  2. 2.Università degli Studi di FirenzeFirenzeItaly
  3. 3.IMT Advanced Studies LuccaLuccaItaly

Personalised recommendations