Access Domain-Based Approach for Anomaly Detection and Resolution in XACML Policies

Cited by: 0
Authors
El Hadj, Maryem Ait [1 ]
Benkaouz, Yahya [2 ]
Khoumsi, Ahmed [3 ]
Erradi, Mohammed [1 ]
Affiliations
[1] Mohammed V Univ Rabat, ENSIAS, ITM Team, Networking & Distributed Syst Res Grp, Rabat, Morocco
[2] Mohammed V Univ Rabat, Concept & Syst Lab FSR, Rabat, Morocco
[3] Univ Sherbrooke, Dept Elect & Comp Engn, Sherbrooke, PQ, Canada
Source
INNOVATIONS IN BIO-INSPIRED COMPUTING AND APPLICATIONS, IBICA 2017 | 2018 / Vol. 735
Keywords
XACML policies; Clustering; Anomaly detection; Anomaly resolution; Access domain;
DOI
10.1007/978-3-319-76354-5_27
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Access control protects systems' resources against unauthorized access via a set of policy rules. In distributed environments, access control policies might be aggregated from multiple tenants and could be managed by more than one administrator. Therefore, errors in the rule definitions may compromise the system security by leading to unauthorized access or denying authorized access. This may result in anomalies, i.e. conflicting rules and redundant rules. In this paper, we propose an approach to detect and resolve anomalies in XACML (eXtensible Access Control Markup Language) policies. We introduce the concept of a rule access domain, which is used to accurately identify and resolve policy anomalies.
Pages: 298-308
Page count: 11