Published: August 23, 2010
Author(s)
Vincent Hu, David Ferraiolo, Serban Gavrila
Conference
Name: Sixth International Conference on Information Assurance and Security (IAS 2010)
Dates: August 23-25, 2010
Location: Atlanta, Georgia, United States
Citation: 2010 Sixth International Conference on Information Assurance and Security (IAS 2010), pp. 32-35
Announcement
Attribute relations in access control mechanisms or languages allow accurate and efficient specification of some popular access control models. However, most access control systems, including today's de-facto access control protocol and specification language, XACML, do not provide sufficient syntactic and semantic support for the specification of attribute relations in their scheme. In this paper, we show the deficiencies of XACML in specifying such capabilities in the implementations of the Multilevel Security, Hierarchical Role Based policies and Separation of Duty requirements of access control systems. In comparison, we then demonstrate the attribute relation mechanism provided by a relation-based access control mechanism -- the Policy Machine.
Keywords
access control; access control model; authorization; privilege management; security policy; XACML
Control Families
None selected