Track: Security, Privacy, Reliability and Ethics
Analyzing Web Access Control Policies
- Vladimir Kolovski (University of Maryland - College Park)
- James Hendler (Department of Computer Science, The University of Maryland)
- Bijan Parsia (University of Manchester, UK)
XACML has emerged as a popular access control language on the Web, but because of its rich expressiveness, it has proved difficult to analyze in an automated fashion. Previous attempts to analyze XACML policies use either propositional logic or full first-order logic. In this paper, we present a formalization of XACML using Description Logics (DL). This formalization allows us to extend the subset of XACML supported by propositional logic-based analysis tools; we also provide a new analysis service (policy redundancy). Mapping XACML to description logics allows us to use off-the-shelf DL reasoners for analysis tasks such as policy comparison, policy verification and querying. We provide an empirical evaluation of a policy analysis tool that was implemented on top of the open source reasoner Pellet.