Publication


Featured research published by Prathima Rao.


Symposium on Access Control Models and Technologies | 2009

Access control policy combining: theory meets practice

Ninghui Li; Qihua Wang; Wahbeh H. Qardaji; Elisa Bertino; Prathima Rao; Jorge Lobo; Dan Lin

Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, and the result of the policy on a request is determined by combining the results of the sub-policies according to some policy combining algorithms (PCAs). Existing access control policy languages, however, do not provide a formal language for specifying PCAs. As a result, it is difficult to extend them with new PCAs. While several formal policy combining algebras have been proposed, they did not address important practical issues such as policy evaluation errors and obligations; furthermore, they cannot express PCAs that consider all sub-policies as a whole (e.g., weak majority or strong majority). We propose a policy combining language PCL, which can succinctly and precisely express a variety of PCAs. PCL represents an advancement both in terms of theory and practice. It is based on automata theory and linear constraints, and is more expressive than existing approaches. We have implemented PCL and integrated it with Sun's XACML implementation. With PCL, a policy evaluation engine only needs to understand PCL to evaluate any PCA specified in it.


Symposium on Access Control Models and Technologies | 2009

An algebra for fine-grained integration of XACML policies

Prathima Rao; Dan Lin; Elisa Bertino; Ninghui Li; Jorge Lobo

Collaborative and distributed applications, such as dynamic coalitions and virtualized grid computing, often require integrating access control policies of collaborating parties. Such an integration must be able to support complex authorization specifications and the fine-grained integration requirements that the various parties may have. In this paper, we introduce an algebra for fine-grained integration of sophisticated policies. The algebra, which consists of three binary and two unary operations, is able to support the specification of a large variety of integration constraints. To assess the expressive power of our algebra, we introduce a notion of completeness and prove that our algebra is complete with respect to this notion. We then propose a framework that uses the algebra for the fine-grained integration of policies expressed in XACML. We also present a methodology for generating the actual integrated XACML policy, based on the notion of Multi-Terminal Binary Decision Diagrams.


Symposium on Access Control Models and Technologies | 2007

An approach to evaluate policy similarity

Dan Lin; Prathima Rao; Elisa Bertino; Jorge Lobo

Recent collaborative applications and enterprises very often need to efficiently integrate their access control policies. An important step in policy integration is to analyze the similarity of policies. Existing approaches to policy similarity analysis are mainly based on logical reasoning and boolean function comparison. Such approaches are computationally expensive and do not scale well for large heterogeneous distributed environments (like Grid computing systems). In this paper, we propose a policy similarity measure as a filter phase for policy similarity analysis. This measure provides a lightweight approach to pre-compile a large amount of policies and only return the most similar policies for further evaluation. In the paper we formally define the measure, by taking into account both the case of categorical attributes and numeric attributes. Detailed algorithms are presented for the similarity computation. Results of our case study demonstrate the efficiency and practical value of our approach.


International Journal of Information Security | 2010

EXAM: a comprehensive environment for the analysis of access control policies

Dan Lin; Prathima Rao; Elisa Bertino; Ninghui Li; Jorge Lobo

Policy integration and inter-operation is often a crucial requirement when parties with different access control policies need to participate in collaborative applications and coalitions. Such a requirement is even more difficult to address for dynamic large-scale collaborations, in which the number of access control policies to analyze and compare can be quite large. An important step in policy integration and inter-operation is to analyze the similarity of policies. Policy similarity can sometimes also be a pre-condition for establishing a collaboration, in that a party may enter a collaboration with another party only if the policies enforced by the other party match or are very close to its own policies. Existing approaches to the problem of analyzing and comparing access control policies are very limited, in that they only deal with some special cases. By recognizing that a suitable approach to the policy analysis and comparison requires combining different approaches, we propose in this paper a comprehensive environment—EXAM. The environment supports various types of analysis query, which we categorize in the paper. A key component of such an environment, on which we focus in the paper, is the policy analyzer able to perform several types of analysis. Specifically, our policy analyzer combines the advantages of existing MTBDD-based and SAT-solver-based techniques. Our experimental results, also reported in the paper, demonstrate the efficiency of our analyzer.


Symposium on Access Control Models and Technologies | 2008

Policy decomposition for collaborative access control

Dan Lin; Prathima Rao; Elisa Bertino; Ninghui Li; Jorge Lobo

With the advances in web service techniques, new collaborative applications have emerged like supply chain arrangements and coalition in government agencies. In such applications, the collaborating parties are responsible for managing and protecting resources entrusted to them. Access control decisions thus become a collaborative activity in which a global policy must be enforced by a set of collaborating parties without compromising the autonomy or confidentiality requirements of these parties. Unfortunately, none of the conventional access control systems meets these new requirements. To support collaborative access control, in this paper, we propose a novel policy-based access control model. Our main idea is based on the notion of policy decomposition and we propose an extension to the reference architecture for XACML. We present algorithms for decomposing a global policy and efficiently evaluating requests.


IBM Journal of Research and Development | 2009

Analysis of privacy and security policies

Elisa Bertino; Carolyn Brodie; Seraphin B. Calo; Lorrie Faith Cranor; Clare-Marie Karat; John Karat; Ninghui Li; Dan Lin; Jorge Lobo; Qun Ni; Prathima Rao; Xiping Wang

The distributed nature of the environment in which privacy and security policies operate requires tools that help enforce consistency of policy rules across different domains. Furthermore, because changes to policy rules are required as policies evolve over time, such tools can be used by policy administrators to ensure the consistency of policy changes. In this paper, we describe a number of different policy analysis tools and techniques that we have developed over the years and present them in a unified framework in which both privacy and security policies are discussed. We cover dominance analyses of general policies, conflicts among authorizations and prohibitions, and other analyses of obligations, as well as policy similarity analysis and policy distribution.


Computers & Security | 2011

Fine-grained integration of access control policies

Prathima Rao; Dan Lin; Elisa Bertino; Ninghui Li; Jorge Lobo

Collaborative and distributed applications, such as dynamic coalitions and virtualized grid computing, often require integrating access control policies of collaborating parties. Such an integration must be able to support complex authorization specifications and the fine-grained integration requirements that the various parties may have. In this paper, we introduce an algebra for fine-grained integration of sophisticated policies. The algebra, which consists of three binary and two unary operations, is able to support the specification of a large variety of integration constraints. For ease of use, we also introduce a set of derived operators and provide guidelines for users to edit a policy with desired properties. To assess the expressive power of our algebra, we define a notion of completeness and prove that our algebra is complete and minimal with respect to the notion. We then propose a framework that uses the algebra for the fine-grained integration of policies expressed in XACML. We also present a methodology for generating the actual integrated XACML policy, based on the notion of Multi-Terminal Binary Decision Diagrams. Experimental results have demonstrated both effectiveness and efficiency of our approach. In addition, we also discuss issues regarding obligations.


Computers & Chemical Engineering | 2008

A domain-specific compiler theory based framework for automated reaction network generation

Shuo-Huan Hsu; Balachandra Krishnamurthy; Prathima Rao; Chunhua Zhao; Suresh Jagannathan; Venkat Venkatasubramanian

Catalytic chemical reaction networks are often very complicated because of the numerous species and reactions involved. Hence, automating the network generation process is necessary as it is quite labor intensive and error prone to write down all the reactions manually. We present an automated integrated framework for reaction network generation based on domain-specific compiler theory using a knowledge base of chemistry rules. The chemistry rules represent basic reaction mechanisms that the reactants can undergo. The system's domain-specific compiler takes the rules and initial reactants as inputs, parses the rule text, generates the intermediate representation, and finally produces the reaction network by interpreting the intermediate representation. We chose the Abstract Syntax Tree (AST) as the intermediate representation because of its transparency and ease of search. The system executes the AST using the initial reactants, and generates the reaction network. The Reaction Description Language (RDL) has been extended to describe the chemistry rules for catalytic systems, and the molecules are represented by Simplified Molecular Input Line Entry System (SMILES). This framework separates the molecules and the behavior of catalysts, represented by the chemistry rules. This approach accelerates the speed of generating hypotheses for building the kinetic models for catalytic systems.


IEEE International Symposium on Policies for Distributed Systems and Networks | 2009

Visualization for Access Control Policy Analysis Results Using Multi-level Grids

Prathima Rao; Gabriel Ghinita; Elisa Bertino; Jorge Lobo

The rapid increase in deployment of policy-based access control systems faces security administrators with the daunting task of managing a large number of complex access control policies. Several policy analysis types (e.g., policy similarity, policy conflict and change-impact) have been proposed to help administrators maintain consistent and conflict-free policy repositories. However, there has not been much focus on the presentation and the ensuing interpretation of the results of such analyses, which greatly undermines the usability factor. In this paper, we present a novel multi-level grid-based technique for visualizing results of policy analysis. We implemented this technique, and we present a sample policy similarity analysis scenario that highlights the advantages of the proposed result visualization method.


Policies for Distributed Systems and Networks | 2008

EXAM: An Environment for Access Control Policy Analysis and Management

Prathima Rao; Dan Lin; Elisa Bertino; Ninghui Li; Jorge Lobo

As distributed collaborative applications and architectures are adopting policy-based solutions for tasks such as access control, network security and data privacy, the management and consolidation of a large number of policies is becoming a crucial component of such solutions. In large-scale distributed collaborative applications like Web services, there is a need for analyzing policy interaction and performing policy integration. In this demonstration, we present EXAM, a comprehensive environment for policy analysis and management, which can be used to perform a variety of functions such as policy property analyses, policy similarity analysis, policy integration. Our work focuses on analysis of access control policies written in XACML (Extensible Access Control Markup Language) [5]. We consider XACML policies because XACML is a rich language able to represent many policies of interest to real world applications and is gaining widespread adoption in the industry.

Collaboration


Top Co-Authors

Dan Lin

Missouri University of Science and Technology

Jorge Lobo

Pompeu Fabra University
