
A Prototype for Enforcing Usage Control Policies Based on XACML

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7449)

Abstract

The OASIS XACML standard emerged as a purely declarative language for expressing access control. Later, it was enriched with the concept of obligations, which must be carried out when access is granted or denied. In our previous work, we presented U-XACML, an extension of XACML that allows Usage Control (UCON) to be expressed. In this paper we propose an architecture for the enforcement of U-XACML, a model for retrieving mutable attributes, and a proof-of-concept implementation of the authorization framework based on web services.

This work was supported by the EU FP7 projects Open Computing Infrastructures for Elastic Services (CONTRAIL) FP7-ICT 257438 and Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSOS) FP7-ICT 256980.



© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lazouski, A., Martinelli, F., Mori, P. (2012). A Prototype for Enforcing Usage Control Policies Based on XACML. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2012. Lecture Notes in Computer Science, vol 7449. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32287-7_7


  • DOI: https://doi.org/10.1007/978-3-642-32287-7_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32286-0

  • Online ISBN: 978-3-642-32287-7

  • eBook Packages: Computer Science, Computer Science (R0)
