Skip to main content
Article
Formalizing Semantic Differences Between Combining Algorithms in XACML 3.0 Policies
2015 IEEE International Conference on Software Quality, Reliability and Security
  • Dianxiang Xu, Boise State University
  • Yunpeng Zhang, Boise State University
  • Ning Shen, Boise State University
Document Type
Conference Proceeding
Publication Date
1-1-2015
Disciplines
Abstract
XACML is a standard language for specifying attribute-based access control policies of computer and software systems. It offers a variety of combining algorithms for flexible policy composition. While they are intended to be different, they also bear similarities. Some combining algorithms can be functionally equivalent with respect to the given policy or policies. To correctly use the combining algorithms, it is important to understand the subtle similarities and differences. This paper presents a formal treatment of the semantic differences between the commonly used combining algorithms in XACML 3.0. For each pair of the selected combining algorithms, we identify when they are functionally equivalent and when they are not equivalent. This rigorous understanding helps minimize incorrect uses of combining algorithms that may lead to unauthorized access and denial of service. It also provides a foundation for determining equivalent mutants of combining algorithms in mutation testing of XACML policies.
Citation Information
Dianxiang Xu, Yunpeng Zhang and Ning Shen. "Formalizing Semantic Differences Between Combining Algorithms in XACML 3.0 Policies" 2015 IEEE International Conference on Software Quality, Reliability and Security (2015)
Available at: http://works.bepress.com/dianxiang_xu/20/