skip to main content
10.1145/1103022.1103028acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
Article

Reasoning about XACML policies using CSP

Published: 11 November 2005 Publication History

Abstract

In this work we explore the use of process algebra in formalising and analysing access control policies. We do this by considering a standard access control language (XACML) and show how the core concepts in the language can be represented in CSP. We then show how properties of these policies may also be described in CSP, and how model checking may be used to verify that a policy meets the property.We further consider how we may introduce a notion of workflow into this framework, and show that a simple appreciation of the workflow context may limit the things we need to verify about a policy.

References

[1]
K. Bhargavan, C. Fournet, and A. Gordon. A Santics for Web Services Authentication. Theoretical Computer Science, 340(1):102--153,June 2005.
[2]
Sabrina De Capitani di Vimercati, Stefano Paraboschi, and Pierangela Samarati. Access control: principles and solutions. Software -Practice and Experience, 33:397--421,2003.
[3]
Kathi Fisler, Shiriram Krishnamurthi, Leo Meyerovich, and Michael Carl Tschantz. Verification and Change-Impact Analysis of Access-Control Policies. In ICSE,2005.
[4]
D. Guelev, M. Ryan, and P. Schobbens. Model-checking Access Control Policies. In ISC, 2004.
[5]
C. A. R. Hoare. Commmunicating Sequential Processes. Prentice-Hall, 1985.
[6]
E Kleiner and A. W. Roscoe. Web Services Security: a preliminary study using Casper and FDR. In ARPSA, pages 160--174,2004.
[7]
Formal Systs (Europe)Ltd. Failures-Divergences Refinent: User Manual and Tutorial. Oxford University.
[8]
T. Moses. eXtensible Access Control Markup Language (XACML)version 1.0. Technical report, OASIS, Feb 2003.
[9]
A. W. Roscoe. The Theory and Practice of Concurrency. Pearson Education, 1998.
[10]
Peter Ryan. Mathatical models of computer security. In Riccardo Focardi and Roberto Gorrieri, editors, Foundations of Security Analysis and Design, volume 2171 of LNCS, 2000.
[11]
Peter Ryan and Ragni Ryvold Arnesen. A Process Algebraic Approach to Security Policies. In Ehud Gudes and Sujeet Shenoi, editors, DBSec, volume 256 of IFIP Conference Proceedings, pages 301--312. Kluwer, 2002.
[12]
Peter Ryan, Steve Schneider, Michael Goldsmith, Gavin Lowe, and Bill Roscoe. Modelling and Analysis of Security Protocols. Pearson Education, 2001.
[13]
Steve Schneider. Concurrent and Real-time Systs: the CSP approach. John Wiley & Sons,2000.
[14]
N. Zhang, M.Ryan, and D.Guelev. Synthesising Verified Access Control Systs in XACML. In FMSE, 2004.

Cited By

View all
  • (2023)An Automated Policy Verification and Enforcement Framework for Ethereum Applications2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)10.1109/ICBC56567.2023.10174879(1-5)Online publication date: 1-May-2023
  • (2022)A Formal Validation Approach for XACML 3.0 Access Control PolicySensors10.3390/s2208298422:8(2984)Online publication date: 13-Apr-2022
  • (2022)A Formal Approach for the Identification of Authorization Policy Conflicts within Multi-Cloud EnvironmentsJournal of Grid Computing10.1007/s10723-022-09606-120:2Online publication date: 1-Jun-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
SWS '05: Proceedings of the 2005 workshop on Secure web services
November 2005
98 pages
ISBN:1595932348
DOI:10.1145/1103022
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 November 2005

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. CSP
  2. XACML
  3. access control
  4. santic models

Qualifiers

  • Article

Conference

CCS05
Sponsor:

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)2
  • Downloads (Last 6 weeks)0
Reflects downloads up to 20 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)An Automated Policy Verification and Enforcement Framework for Ethereum Applications2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)10.1109/ICBC56567.2023.10174879(1-5)Online publication date: 1-May-2023
  • (2022)A Formal Validation Approach for XACML 3.0 Access Control PolicySensors10.3390/s2208298422:8(2984)Online publication date: 13-Apr-2022
  • (2022)A Formal Approach for the Identification of Authorization Policy Conflicts within Multi-Cloud EnvironmentsJournal of Grid Computing10.1007/s10723-022-09606-120:2Online publication date: 1-Jun-2022
  • (2022)Process Algebra Can Save Lives: Static Analysis of XACML Access Control Policies Using mCRL2Formal Techniques for Distributed Objects, Components, and Systems10.1007/978-3-031-08679-3_2(11-30)Online publication date: 12-Jun-2022
  • (2022)A blockchain based approach for the authorization policies delegation in emergency situationsTransactions on Emerging Telecommunications Technologies10.1002/ett.446133:5Online publication date: 27-May-2022
  • (2020)Formal Verification of Access Control Model for My Health Record System2020 25th International Conference on Engineering of Complex Computer Systems (ICECCS)10.1109/ICECCS51672.2020.00010(21-30)Online publication date: Oct-2020
  • (2018)Authorization Policies Specification and Consistency Management within Multi-cloud EnvironmentsSecure IT Systems10.1007/978-3-030-03638-6_17(272-288)Online publication date: 2-Nov-2018
  • (2017)Current Research and Open Problems in Attribute-Based Access ControlACM Computing Surveys10.1145/300720449:4(1-45)Online publication date: 2-Jan-2017
  • (2017)Verification of SGAC Access Control Policies Using Alloy and ProB2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE)10.1109/HASE.2017.24(120-123)Online publication date: 2017
  • (2017)Formal specification and integration of distributed security policiesComputer Languages, Systems and Structures10.1016/j.cl.2016.12.00449:C(1-35)Online publication date: 1-Sep-2017
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media