REW-SMT: A New Approach for Rewriting XACML Request with Dynamic Big Data Security Policies

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Abstract

The application of dynamic policies has brought benefits to distributed systems, cloud systems, and social networks. However, no previous studies have focused on solving authorization problems under dynamic policies. In this paper, we focus on analyzing the ways a policy can change and on providing solutions for the dynamic policy environment. The contribution of this paper is two-fold: a solution for changing the policy even when the access request has already been granted by the policy, and an XACML-based implementation that incorporates the rewriting request model. Experimental results with real-world policies have established the practical and theoretical value of our newly introduced approach.

Notes

  1. http://www.smtlib.org.

  2. Continue-a: the policy is taken and converted by [11].

  3. KMarket: a real-world policy taken from Balana in 2013.

  4. GEYSER: http://www.geysers.eu/.

References

  1. Ammar, N., et al.: XACML policy evaluation with dynamic context handling. IEEE Trans. Knowl. Data Eng. 27, 2575–2588 (2015)

  2. Barrett, C.W., Sebastiani, R., Seshia, S.A., Tinelli, C.: Satisfiability modulo theories. Handb. Satisf. 185, 825–885 (2009)

  3. Dunlop, N., et al.: Dynamic policy model for large evolving enterprises. In: Enterprise Distributed Object Computing Conference, pp. 193–197. IEEE (2001)

  4. Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Special Publication 800-162 (2013)

  5. Jaiswal, C., Nath, M., Kumar, V.: Location-based security framework for cloud perimeters. IEEE Cloud Comput. 1(3), 56–64 (2014)

  6. Kabbani, B., et al.: Specification and enforcement of dynamic authorization policies oriented by situations. In: New Technologies, Mobility and Security, pp. 1–6 (2014)

  7. Laborde, R., et al.: An adaptive XACMLv3 policy enforcement point. In: Computer Software and Applications Conference, pp. 620–625. IEEE (2014)

  8. Le Thi, K.T., Dang, T.K., Kuonen, P., Drissi, H.C.: STRoBAC – spatial temporal role based access control. In: Nguyen, N.-T., Hoang, K., Jȩdrzejowicz, P. (eds.) ICCCI 2012. LNCS (LNAI), vol. 7654, pp. 201–211. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34707-8_21

  9. Liu, A.X., et al.: Xengine: a fast and scalable XACML policy evaluation engine. In: ACM SIGMETRICS Performance Evaluation Review, no. 1, pp. 265–276 (2008)

  10. Mazurek, M.L., et al.: Exploring reactive access control. In: Conference on Human Factors in Computing Systems, pp. 2085–2094. ACM (2011)

  11. Ngo, C., Makkes, M.X., et al.: Multi-data-types interval decision diagrams for XACML evaluation engine. In: Privacy, Security and Trust, pp. 257–266. IEEE (2013)

  12. Pina Ros, S., Lischka, M., Gómez Mármol, F.: Graph-based XACML evaluation. In: Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pp. 83–92. ACM (2012)

  13. Rissanen, E.: Extensible access control markup language (XACML) version 3.0 (2013)

  14. Sloman, M., Lupu, E.: Security and management policy specification. IEEE Netw. 16(2), 10–19 (2002)

  15. Son, H.X., Tran, L.K., Dang, T.K., Pham, Y.N.: Rew-XAC: an approach to rewriting request for elastic ABAC enforcement with dynamic policies. In: Advanced Computing and Applications, pp. 25–31. IEEE (2016)

  16. Thi, Q.N.T., Dang, T.K.: X-STROWL: a generalized extension of XACML for context-aware spatio-temporal RBAC model with OWL. In: Digital Information Management, pp. 253–258. IEEE (2012)

  17. Thi, Q.N.T., Si, T.T., Dang, T.K.: Fine grained attribute based access control model for privacy protection. In: Dang, T.K., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds.) FDSE 2016. LNCS, vol. 10018, pp. 305–316. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48057-2_21

  18. Turkmen, F., Demchenko, Y.: On the use of SMT solving for XACML policy evaluation. In: Cloud Computing Technology and Science, pp. 539–544. IEEE (2016)

  19. Turkmen, F., den Hartog, J., Ranise, S., Zannone, N.: Formal analysis of XACML policies using SMT. Comput. Secur. 66, 185–203 (2017)

Acknowledgements

This work was partially funded by the project of Ho Chi Minh City University of Technology under the contract number TSH-KHMT-2016-24 and was supported by AC-Lab (HCMUT) and DISI-Labs (UNITN). We sincerely thank Ngo Chan Nam, Lam Tuan Anh and Tran Luong Khiem, who provided feedback on early revisions.

Corresponding author

Correspondence to Ha Xuan Son.

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Son, H.X., Dang, T.K., Massacci, F. (2017). REW-SMT: A New Approach for Rewriting XACML Request with Dynamic Big Data Security Policies. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_40

  • DOI: https://doi.org/10.1007/978-3-319-72389-1_40

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72388-4

  • Online ISBN: 978-3-319-72389-1

  • eBook Packages: Computer Science, Computer Science (R0)
