Abstract
The application of dynamic policies has brought benefits to distributed systems, cloud systems, and social networks. However, no previous studies have focused on solving authorization problems under dynamic policies. In this paper, we focus on analyzing how policies change and on providing solutions for the dynamic policy environment. The contribution of this paper is two-fold: we provide a solution for changing the policy even when the access request has already been granted by that policy, and we provide an XACML-based implementation that incorporates the rewriting request model. Experimental results with real-world policies have established the practical and theoretical value of our newly introduced approach.
Notes
- 1.
- 2. Continue-a: the policy is taken and converted by [11].
- 3. KMarket: a real-world policy taken from Balana in 2013.
- 4. GEYSER: http://www.geysers.eu/.
References
Ammar, N., et al.: XACML policy evaluation with dynamic context handling. IEEE Trans. Knowl. Data Eng. 27, 2575–2588 (2015)
Barrett, C.W., Sebastiani, R., Seshia, S.A., Tinelli, C.: Satisfiability modulo theories. Handb. Satisf. 185, 825–885 (2009)
Dunlop, N., et al.: Dynamic policy model for large evolving enterprises. In: Enterprise Distributed Object Computing Conference, pp. 193–197. IEEE (2001)
Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Special Publication 800-162 (2013)
Jaiswal, C., Nath, M., Kumar, V.: Location-based security framework for cloud perimeters. IEEE Cloud Comput. 1(3), 56–64 (2014)
Kabbani, B., et al.: Specification and enforcement of dynamic authorization policies oriented by situations. In: New Technologies, Mobility and Security, pp. 1–6 (2014)
Laborde, R., et al.: An adaptive XACMLv3 policy enforcement point. In: Computer Software and Applications Conference, pp. 620–625. IEEE (2014)
Le Thi, K.T., Dang, T.K., Kuonen, P., Drissi, H.C.: STRoBAC – spatial temporal role based access control. In: Nguyen, N.-T., Hoang, K., Jȩdrzejowicz, P. (eds.) ICCCI 2012. LNCS (LNAI), vol. 7654, pp. 201–211. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34707-8_21
Liu, A.X., et al.: Xengine: a fast and scalable XACML policy evaluation engine. In: ACM SIGMETRICS Performance Evaluation Review, no. 1, pp. 265–276 (2008)
Mazurek, M.L., et al.: Exploring reactive access control. In: Conference on Human Factors in Computing Systems, pp. 2085–2094. ACM (2011)
Ngo, C., Makkes, M.X., et al.: Multi-data-types interval decision diagrams for XACML evaluation engine. In: Privacy, Security and Trust, pp. 257–266. IEEE (2013)
Pina Ros, S., Lischka, M., Gómez Mármol, F.: Graph-based XACML evaluation. In: Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pp. 83–92. ACM (2012)
Rissanen, E.: Extensible access control markup language (XACML) version 3.0 (2013)
Sloman, M., Lupu, E.: Security and management policy specification. IEEE Netw. 16(2), 10–19 (2002)
Son, H.X., Tran, L.K., Dang, T.K., Pham, Y.N.: Rew-XAC: an approach to rewriting request for elastic ABAC enforcement with dynamic policies. In: Advanced Computing and Applications, pp. 25–31. IEEE (2016)
Thi, Q.N.T., Dang, T.K.: X-STROWL: a generalized extension of XACML for context-aware spatio-temporal RBAC model with OWL. In: Digital Information Management, pp. 253–258. IEEE (2012)
Thi, Q.N.T., Si, T.T., Dang, T.K.: Fine grained attribute based access control model for privacy protection. In: Dang, T.K., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds.) FDSE 2016. LNCS, vol. 10018, pp. 305–316. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48057-2_21
Turkmen, F., Demchenko, Y.: On the use of SMT solving for XACML policy evaluation. In: Cloud Computing Technology and Science, pp. 539–544. IEEE (2016)
Turkmen, F., den Hartog, J., Ranise, S., Zannone, N.: Formal analysis of XACML policies using SMT. Comput. Secur. 66, 185–203 (2017)
Acknowledgements
This work was partially funded by the project of Ho Chi Minh City University of Technology under the contract number TSH-KHMT-2016-24 and was supported by AC-Lab (HCMUT) and DISI-Labs (UNITN). We sincerely thank Ngo Chan Nam, Lam Tuan Anh and Tran Luong Khiem, who provided feedback on early revisions.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Son, H.X., Dang, T.K., Massacci, F. (2017). REW-SMT: A New Approach for Rewriting XACML Request with Dynamic Big Data Security Policies. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_40
DOI: https://doi.org/10.1007/978-3-319-72389-1_40
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72388-4
Online ISBN: 978-3-319-72389-1
eBook Packages: Computer Science, Computer Science (R0)