XACML 3.0 in Answer Set Programming

Kencana Ramli, Carroline Dewi Puspa; Nielson, Hanne Riis; Nielson, Flemming

doi:10.1007/978-3-642-38197-3_7

Carroline Dewi Puspa Kencana Ramli¹⁷,
Hanne Riis Nielson¹⁷ &
Flemming Nielson¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7844))

Included in the following conference series:

International Symposium on Logic-Based Program Synthesis and Transformation

435 Accesses
4 Citations

Abstract

We present a systematic technique for transforming XACML 3.0 policies in Answer Set Programming (ASP). We show that the resulting logic program has a unique answer set that directly corresponds to our formalisation of the standard semantics of XACML 3.0 from [9]. We demonstrate how our results make it possible to use off-the-shelf ASP solvers to formally verify properties of access control policies represented in XACML, such as checking the completeness of a set of access control policies and verifying policy properties.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 54.99; Price excludes VAT (USA)

Softcover Book: USD 72.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Ahn, G.-J., Hu, H., Lee, J., Meng, Y.: Reasoning about XACML policy descriptions in answer set programming (preliminary report). In: NMR 2010 (2010)
Google Scholar
Ahn, G.-J., Hu, H., Lee, J., Meng, Y.: Representing and reasoning about web access control policies. In: COMPSAC. IEEE Computer Society (2010)
Google Scholar
Baral, C.: Knowledge Representation, Reasoning and Declarative Problem Solving. Cambridge University Press (2003)
Google Scholar
Barker, S., Stuckey, P.J.: Flexible access control policy specification with constraint logic programming. TISSEC 6 (2003)
Google Scholar
Bruns, G., Huth, M.: Access-control via Belnap logic: Effective and efficient composition and analysis. In: 21st IEEE Computer Security Foundations Symposium (2008)
Google Scholar
Gelfond, M.: Handbook of knowledge representation. In: Porter, B., van Harmelen, F., Lifschitz, V. (eds.) Foundations of Artificial Intelligence, vol. 3, ch. Answer Sets, pp. 285–316. Elsevier (2007)
Google Scholar
Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. In: Proceedings of ACM SIGMOD International Conference on Management of Data (1997)
Google Scholar
Moses, T.: eXtensible Access Control Markup Language (XACML) version 2.0. Technical report, OASIS (August 2010), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
Kencana Ramli, C.D.P., Nielson, H.R., Nielson, F.: The logic of XACML. In: Arbab, F., Ölveczky, P.C. (eds.) FACS 2011. LNCS, vol. 7253, pp. 205–222. Springer, Heidelberg (2012)
Chapter Google Scholar
Ramli, C.D.P.K., Nielson, H.R., Nielson, F.: XACML 3.0 in answer set programming – extended version. Technical report, arXiv.org. (February 2013)
Google Scholar
Rissanen, E.: eXtensible Access Control Markup Language (XACML) version 3.0 (committe specification 01). Technical report, OASIS (August 2010), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cs-01-en.pdf
Rissanen, E.: XACML v3.0 administration and delegation profile version 1.0 (committe specification 01). Technical report, OASIS (August 2010), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-administration-v1-spec-cs-01-en.pdf
Rissanen, E.: XACML v3.0 core and hierarchical role based access control (rbac) profile version 1.0 (committe specification 01). Technical report, OASIS (August 2010), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-rbac-v1-spec-cs-01-en.pdf
Samarati, P., de Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)
Chapter Google Scholar
Simons, P., Niemelá, I., Soininen, T.: Extending and implementing the stable model semantics. Artificial Intelligence 138, 181–234 (2002)
Article MathSciNet MATH Google Scholar
Syrjänen, T.: Lparse 1.0 User’s Manual
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Applied Mathematics and Computer Science, Danmarks Tekniske Universitet, Lyngby, Denmark
Carroline Dewi Puspa Kencana Ramli, Hanne Riis Nielson & Flemming Nielson

Authors

Carroline Dewi Puspa Kencana Ramli
View author publications
You can also search for this author in PubMed Google Scholar
Hanne Riis Nielson
View author publications
You can also search for this author in PubMed Google Scholar
Flemming Nielson
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science (DSIC), Complutense University of Madrid, Séneca Avenue 2, 28040, Madrid, Spain
Elvira Albert

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kencana Ramli, C.D.P., Nielson, H.R., Nielson, F. (2013). XACML 3.0 in Answer Set Programming. In: Albert, E. (eds) Logic-Based Program Synthesis and Transformation. LOPSTR 2012. Lecture Notes in Computer Science, vol 7844. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38197-3_7

Download citation

DOI: https://doi.org/10.1007/978-3-642-38197-3_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38196-6
Online ISBN: 978-3-642-38197-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics