Skip to main content
SpringerLink
Log in

Aspect-Oriented State Machines for Resolving Conflicts in XACML Policies

  • Conference paper
  • First Online:
Networked Systems (NETYS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 10299))

Included in the following conference series:

Abstract

Authorization in collaborative systems is defined by a global policy that represents the combination of the collaborators’ access policies. However, the enforcement of such a global policy may create conflicting authorization decisions. In this paper, we categorize two types of conflicts that may occur in such policies. Furthermore, to resolve these conflicts and to reach a unique decision for an access request, we present an approach that uses XACML policy combining algorithms and considers the category of the detected conflicts. The approach is implemented using aspect-oriented finite state machines.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ayache, M., Erradi, M., Khoumsi, A., Freisleben, B.: Analysis and verification of XACML policies in a medical cloud environment. Scalable Comput. Pract. Experience 17(3), 189–206 (2016)

    Google Scholar 

  2. Boyland, J.: Checking interference with fractional permissions. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 55–72. Springer, Heidelberg (2003). doi:10.1007/3-540-44898-5_4

    Chapter  Google Scholar 

  3. Dinkelaker, T., Erradi, M., Ayache, M.: Using aspect-oriented state machines for detecting and resolving feature interactions. Comput. Sci. Inf. Syst. 9(3), 1045–1074 (2012)

    Article  Google Scholar 

  4. Lorch, M., Proctor, S., Lepro, R., Kafura, D., Shah, S.: First experiences using XACML for access control in distributed systems. In: Proceedings of the 2003 ACM Workshop on XML Security, pp. 25–37. ACM (2003)

    Google Scholar 

  5. Matteucci, I., Mori, P., Petrocchi, M.: Prioritized execution of privacy policies. In: Pietro, R., Herranz, J., Damiani, E., State, R. (eds.) DPM/SETOP 2012. LNCS, vol. 7731, pp. 133–145. Springer, Heidelberg (2013). doi:10.1007/978-3-642-35890-6_10

    Chapter  Google Scholar 

  6. Mernik, M., Heering, J., Sloane, A.M.: When and how to develop domain-specific languages. ACM Comput. Surv. (CSUR) 37(4), 316–344 (2005)

    Article  Google Scholar 

  7. Moses, T., et al.: Extensible access control markup language XACML version 2.0. Oasis Standard (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. ENSIAS, Mohammed V University, Rabat, Morocco

    Meryeme Ayache & Mohammed Erradi

  2. Department of Mathematics and Computer Science, Philipps-Universität Marburg, Marburg, Germany

    Bernd Freisleben

  3. Department of Electrical and Computer Engineering, University of Sherbrooke, Sherbrooke, Canada

    Ahmed Khoumsi

Authors
  1. Meryeme Ayache
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammed Erradi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bernd Freisleben
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ahmed Khoumsi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Meryeme Ayache .

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of California, Santa Barbara, Santa Barbara, California, USA

    Amr El Abbadi

  2. Université de Lausanne, Lausanne, Switzerland

    Benoît Garbinato

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ayache, M., Erradi, M., Freisleben, B., Khoumsi, A. (2017). Aspect-Oriented State Machines for Resolving Conflicts in XACML Policies. In: El Abbadi, A., Garbinato, B. (eds) Networked Systems. NETYS 2017. Lecture Notes in Computer Science(), vol 10299. Springer, Cham. https://doi.org/10.1007/978-3-319-59647-1_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-59647-1_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59646-4

  • Online ISBN: 978-3-319-59647-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation