
Specification and Enforcement of Activity Dependency Policies using XACML (2403.10092v1)

Published 15 Mar 2024 in cs.CR

Abstract: The evolving smart and interconnected systems are designed to operate with minimal human intervention. Devices within these smart systems often engage in prolonged operations based on sensor data and contextual factors. Recently, an Activity-Centric Access Control (ACAC) model has been introduced to regulate these prolonged operations, referred to as activities, which undergo state changes over an extended duration of time. Dependencies among different activities can influence and restrict the execution of one another, necessitating active and real-time monitoring of the dependencies between activities to prevent security violations. In the ACAC model, the activity dependencies, denoted as "D", are considered as a decision parameter for controlling a requested activity. These dependencies must be evaluated throughout all phases of an activity's life cycle. To ensure the consistency of access control rules across diverse domains and applications, a standard policy language is essential. We propose a policy framework adapting the widely used eXtensible Access Control Markup Language (XACML), referred to as $\mathrm{XACML_{AD}}$, to specify the activity dependency policies. This work involves extending the syntax and semantics of XACML by introducing new elements to check dependent activities' states and handle state updates on dependent activities. In addition to the language extension, we present the enforcement architecture and data flow model for evaluating policies for activity dependencies. The integration of the proposed $\mathrm{XACML_{AD}}$ policy framework and the enforcement of the policies supports dependency evaluation, necessary updates and continuous enforcement of policies to control an activity throughout its life cycle. We implement the enforcement architecture exploiting the $\mathrm{XACML_{AD}}$ policy framework and discuss the performance evaluation results.
