Abstract
Authorization in collaborative systems is defined by a global policy that represents the combination of the collaborators’ access policies. However, the enforcement of such a global policy may create conflicting authorization decisions. In this paper, we categorize two types of conflicts that may occur in such policies. Furthermore, to resolve these conflicts and to reach a unique decision for an access request, we present an approach that uses XACML policy combining algorithms and considers the category of the detected conflicts. The approach is implemented using aspect-oriented finite state machines.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Ayache, M., Erradi, M., Khoumsi, A., Freisleben, B.: Analysis and verification of XACML policies in a medical cloud environment. Scalable Comput. Pract. Experience 17(3), 189–206 (2016)
Boyland, J.: Checking interference with fractional permissions. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 55–72. Springer, Heidelberg (2003). doi:10.1007/3-540-44898-5_4
Dinkelaker, T., Erradi, M., Ayache, M.: Using aspect-oriented state machines for detecting and resolving feature interactions. Comput. Sci. Inf. Syst. 9(3), 1045–1074 (2012)
Lorch, M., Proctor, S., Lepro, R., Kafura, D., Shah, S.: First experiences using XACML for access control in distributed systems. In: Proceedings of the 2003 ACM Workshop on XML Security, pp. 25–37. ACM (2003)
Matteucci, I., Mori, P., Petrocchi, M.: Prioritized execution of privacy policies. In: Pietro, R., Herranz, J., Damiani, E., State, R. (eds.) DPM/SETOP 2012. LNCS, vol. 7731, pp. 133–145. Springer, Heidelberg (2013). doi:10.1007/978-3-642-35890-6_10
Mernik, M., Heering, J., Sloane, A.M.: When and how to develop domain-specific languages. ACM Comput. Surv. (CSUR) 37(4), 316–344 (2005)
Moses, T., et al.: Extensible access control markup language XACML version 2.0. Oasis Standard (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Ayache, M., Erradi, M., Freisleben, B., Khoumsi, A. (2017). Aspect-Oriented State Machines for Resolving Conflicts in XACML Policies. In: El Abbadi, A., Garbinato, B. (eds) Networked Systems. NETYS 2017. Lecture Notes in Computer Science(), vol 10299. Springer, Cham. https://doi.org/10.1007/978-3-319-59647-1_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-59647-1_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59646-4
Online ISBN: 978-3-319-59647-1
eBook Packages: Computer ScienceComputer Science (R0)