The Logic of XACML - Extended
Carroline Dewi Puspa Kencana Ramli, Hanne Riis Nielson, Flemming, Nielson
TL;DR
This paper formalizes the logic behind XACML 3.0, providing a precise semantics for its policy combining algorithms and addressing previous modeling shortcomings.
Contribution
It introduces a new logic capturing XACML's principles and proves the equivalence of different formalization approaches, improving understanding of access control policies.
Findings
Formal logic for XACML 3.0 established
Equivalence of alternative policy combining algorithms proven
Identified shortcomings in previous formalizations
Abstract
We study the international standard XACML 3.0 for describing security access control policy in a compositional way. Our main contribution is to derive a logic that precisely captures the idea behind the standard and to formally define the semantics of the policy combining algorithms of XACML. To guard against modelling artefacts we provide an alternative way of characterizing the policy combining algorithms and we formally prove the equivalence of these approaches. This allows us to pinpoint the shortcoming of previous approaches to formalization based either on Belnap logic or on D-algebra.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAccess Control and Trust · Information and Cyber Security · Semantic Web and Ontologies