Bernard Stepien
University of Ottawa
Research on Access Control Management
A Non-Technical Notation to express XACML targets and conditions logic
An example
Informal rule condition:
"permit access to surgeries report and diagnosis for the purpose of reading to physicians or nurses when located in emergency room or operating room".
Modeling the rule using XACML
The above rule is represented in XACML using attributes:
Doctors and nurses are represented using the subject-id attribute.
Surgeries report and diagnosis are represented using the Document attribute.
Emergency and operating room are represented using the Location attribute.
Action is represented by the action-id attribute.
Problem?
The above rule is highly ambiguous. What does the emergency room or operating room restriction apply to? As the informal rule is worded, it appears to apply to both doctors and nurses. However, what we really intended to express is that it applies only to nurses. Doctors are permitted to read these documents at any time.
Solution
In XACML there is no ambiguity, because XML operators have a natural scope: all you need to do is nest the operators properly. Our non-technical notation preserves the scope of the XACML operators by using the natural indentation of XML, without showing any XML.
[Figure: representation of the rule using a non-technical semi-formal notation to express a XACML condition, as shown in a non-technical XACML authoring tool]
Which representation do you prefer?
Our non-technical notation lets you view and edit a XACML policy in a very concise way, and thus really understand what it means. XACML is maintained as the machine-readable representation for interoperability purposes.
Alternate way to represent the policy using XACML rule targets
Papers
B. Stepien, A. Felty, S. Matwin, An Algorithm for Compression of XACML Access Control Policy Sets by Recursive Subsumption, in ARES 2012 proceedings
B. Stepien, H. Khambhammettu, K. Adi, L. Logrippo, CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models, in ICC'12 WS-SFCS proceedings
B. Stepien, S. Matwin, A. Felty, Advantages of a Non-Technical XACML Notation in Role-Based Models, in the proceedings of the PST 2011 conference
B. Stepien, S. Matwin, A. Felty, Strategies for Reducing Risks of Inconsistencies in Access Control Policies, in proceedings of the ARES 2010 conference
B. Stepien, A. Felty, S. Matwin, A Non-technical User-Oriented Display Notation for XACML conditions, in MCETECH 2009 proceedings
V. Capretta, B. Stepien, A. Felty, S. Matwin, Formal Correctness of Conflict Detection for Firewalls, in FMSE'07 Conference proceedings
Presentations
B. Stepien, A. Felty, S. Matwin, A Non-technical User-Oriented Display Notation for XACML conditions, conference slides for MCETECH 2009
B. Stepien, A. Felty, S. Matwin, Testing Access Control tools, conference slides for TTCN-3 User Conference 2009
Spin-off
Founder and Chief Architect of Devera Logic Inc