EXAM: An environment for XACML policy analysis and management

Prathima R Rao, Purdue University

Abstract

As distributed collaborative applications and architectures adopt policy-based management for tasks such as access control, network security and data privacy, the management and consolidation of a large number of policies is becoming a crucial component of such policy-based systems. In large-scale distributed collaborative applications like web services, there is a need for analysing policy interaction and performing policy integration. In this thesis, we propose and implement EXAM, a comprehensive environment for policy analysis and management, which can be used to perform a variety of functions such as policy property analysis, policy similarity analysis and policy integration. As part of this environment we have proposed two novel policy similarity analysis techniques along with a fine-grained integration algebra (FIA) for integrating 3-valued access control policies. We also provide a framework for specifying policy integration constraints using FIA and generating an integrated policy. Our work focuses on the analysis of access control policies written in the dialect of XACML (Extensible Access Control Markup Language) [1]. We consider XACML policies because XACML is a rich language that can represent many policies of interest to real-world applications and is gaining widespread adoption in industry.

Degree

Ph.D.

Advisors

Bertino, Purdue University.

Subject Area

Computer science
