WWW2007: Program
Top of Menu Home CFP Program Committees Key Dates Location Hotel Registration Students Sponsors Media Submission Tutorials Workshops Travel Info Proceedings

Refereed Papers

Track: Security, Privacy, Reliability and Ethics

Paper Title:
Analyzing Web Access Control Policies

Authors:

  • Vladimir Kolovski (University of Maryland - College Park)
  • James Hendler (Department of Computer Science, The University of Maryland)
  • Bijan Parsia (University of Manchester, UK)

Abstract:
XACML has emerged as a popular access control language on the Web, but because of its rich expressiveness, it has proved difficult to analyze in an automated fashion. Previous attempts to analyze XACML policies either use propositional logic or full First-Order logic. In this paper, we present a formalization of XACML using Description Logics (DL) . This formalization allows us to extend the subset of XACML supported by propositional logic-based analysis tools; we also provide a new analysis service (policy redundancy). Mapping XACML to description logics allows us to use off-the-shelf DL reasoners for analysis tasks such as policy comparison, policy verification and querying. We provide empirical evaluation of a policy analysis tool that was implemented on top of open source reasoner Pellet.

PDF version



















sponsors