Enhancing Database Access Control with XACML Policy
Abstract
XACML is apparently the most convenient way to express attribute-based access control policies. Though XACML has been used in several access control areas, processing XACML policies for attribute-based database access control has still not been studied in depth. In this work we compile XACML policies and utilize the underlying database access mechanisms, such as ACLs, to protect sensitive data. We use the attribute information residing in the database itself to define high-level XACML policies and transform these policies into low-level database access policies for access decisions on another part of the database. We implement and evaluate our idea over a synthetic database and achieve efficient policy compilation and verification times.
Similar resources
XACML Policies for Exclusive Resource Usage
The extensible access control markup language (XACML) is the standard access control policy specification language of the World Wide Web. XACML does not provide exclusive access to global resources. We do so by enhancing the policy execution framework with locks.
XML access control: mapping XACML policies to relational database tables
Although eXtensible Access Control Markup Language (XACML) is recognized as a precise and complete policy description language, the structure of the current XACML policy is complex. Hence, users need to understand XACML well and write down the securing policy all by hand, which makes it difficult to master and use. On the other hand, RDBMS is easy and simple to use by all users and allows hidi...
Extending XACML to support Credential Based Hybrid Access Control
Various research efforts are in progress to enforce credential based access control using the XACML standard. The current standard of XACML supports attribute based access control [4,5,9,19]. While XACML accepts certified attributes through digital certificates, it does not support credential based access control in which the access conditions are defined not only in terms of credential attributes ...
Patterns for the eXtensible Access Control Markup Language
Web services are becoming the way for enterprises to interoperate. Many security standards for them have been developed; one of these is XACML (eXtensible Access Control Markup Language). XACML has been defined by OASIS and it includes a policy, an access decision language, and a specialized web services policy language. We present here three architectural patterns for XACML. The XACML Authoriz...
Automatic XACML requests generation for testing access control policies
XACML has become increasingly popular for specifying access control policies in mission-critical domains to protect sensitive resources. However, manually crafted XACML policies may contain errors which can only be identified with manual policy review. Recent progress in policy testing still requires tedious and inefficient manual efforts to compose access requests. In this paper, we propose ...