The Center for Education and Research in Information Assurance and Security (CERIAS)

EXAM -- a Comprehensive Environment for the Analysis of Access Control Policies

Author

Dan Lin, Prathima Rao, Elisa Bertino, Ninghui Li, Jorge Lobo

Tech report number

CERIAS TR 2008-13

Entry type

techreport

Abstract

Policy integration and inter-operation is often a crucial requirement when parties with different access control policies need to participate in collaborative applications and coalitions. Such a requirement is even more difficult to address for dynamic large-scale collaborations, in which the number of access control policies to analyze and compare can be quite large. An important step in policy integration and inter-operation is to analyze the similarity of policies. Policy similarity can sometimes also be a pre-condition for establishing a collaboration, in that a party may enter a collaboration with another party only if the policies enforced by the other party match or are very close to its own policies. Existing approaches to the problem of analyzing and comparing access control policies are very limited, in that they only deal with some special cases. By recognizing that a suitable approach to policy analysis and comparison requires combining different approaches, we propose in this paper a comprehensive environment -- EXAM. The environment supports various types of analysis queries, which we categorize in the paper. A key component of such an environment, on which we focus in the paper, is the policy analyzer, which is able to perform several types of analysis. Specifically, our policy analyzer combines the advantages of existing MTBDD-based and SAT-solver-based techniques. Our experimental results, also reported in the paper, demonstrate the efficiency of our analyzer.

Key alpha

Access Control, Policy Similarity, XACML

Publication Date

2008-08-01
