Internet Archive Scholar

Discovery and Resolution of Anomalies in Web Access Control Policies

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni
2013 IEEE Transactions on Dependable and Secure Computing  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.2 MB)
https://web.archive.org/web/20151022180828/http://people.cs.clemson.edu/~hongxih/papers/TDSC2013.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL. The file type is application/pdf.

Emerging computing technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services while providing more convenient services to Internet users through such a cutting-edge technological growth. Furthermore, designing and managing Web access control policies are often error-prone due to the lack
more » ... effective analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly analysis approach for Web access control policies, focusing on XACML (eXtensible Access Control Markup Language) policy. We introduce a policybased segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions, along with an intuitive visualization representation of analysis results. We also discuss a proof-of-concept implementation of our method called XAnalyzer and demonstrate how our approach can efficiently discover and resolve policy anomalies.
doi:10.1109/tdsc.2013.18 fatcat:6fiicqdwwzdv3gd55zg5elpofi
Citation

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni. "Discovery and Resolution of Anomalies in Web Access Control Policies." IEEE Transactions on Dependable and Secure Computing 10.6 (2013) 341-354