ABSTRACT
We extend the XACML reference implementation so that a policyset consisting of remote references to other policies can be evaluated distributively. Our extension also covers requests to resources that need to be used exclusively. We do so by implementing a nested transaction model for the evaluation of distributed XACML policies. Experiments show reasonable performance of our access controller.