Fine-grained Integration of Access Control Policies
Abstract
Collaborative and distributed applications, such as dynamic coalitions and virtualized grid computing, often require integrating access control policies of collaborating parties. Such an integration must be able to support complex authorization specifications and the fine-grained integration requirements that the various parties may have. in this paper, we introduce an algebra for fine-grained integration of sophisticated policies. the algebra, which consists of three binary and two unary operations, is able to support the specification of a large variety of integration constraints. for ease of use, we also introduce a set of derived operators and provide guidelines for users to edit a policy with desired properties. to assess the expressive power of our algebra, we define notion of completeness and prove that our algebra is complete and minimal with respect to the notion. We then propose a framework that uses the algebra for the fine-grained integration of policies expressed in XACML. We also present a methodology for generating the actual integrated XACML policy, based on the notion of Multi-Terminal Binary Decision Diagrams. Experimental results have demonstrated both effectiveness and efficiency of our approach. in addition, we also discuss issues regarding obligations. © 2010 Elsevier Ltd. All rights reserved.
Recommended Citation
P. Rao et al., "Fine-grained Integration of Access Control Policies," Computers and Security, vol. 30, no. 2 thru 3, pp. 91 - 107, Elsevier, Mar 2011.
The definitive version is available at https://doi.org/10.1016/j.cose.2010.10.006
Department(s)
Computer Science
Keywords and Phrases
Access control; Algebra; Framework; Policy integration; XACML
International Standard Serial Number (ISSN)
0167-4048
Document Type
Article - Journal
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2024 Elsevier, All rights reserved.
Publication Date
01 Mar 2011
