Modeling authorization policies for Web services in presence of transitive dependencies / Uttha, W.; Bertolissi, C.; Ranise, S. - (2015), pp. 293-300. (Paper presented at the 12th International Conference on Security and Cryptography, SECRYPT 2015, held in France in 2015) [10.5220/0005548502930300].

Modeling authorization policies for Web services in presence of transitive dependencies

Ranise S.
2015-01-01

Abstract

Access control is a crucial issue for the security of Web Services. Since these are independently designed, implemented, and managed, each with its own access control policy, it is challenging to mediate the access to the information they share. In this context, a particularly difficult case occurs when a service invokes another service to satisfy an initial request, leading to indirect authorization errors. To overcome this problem, we propose a new approach based on a version of ORganization Based Access Control (OrBAC) extended by a delegation graph to keep track of transitive authorization dependencies. We show that Datalog can be used as the specification language of our model. As a byproduct of this, an automated analysis technique for simulating execution scenarios before deployment is proposed. Finally, we show how to implement an enforcement mechanism for our model on top of the XACML architecture. To validate our approach, we present a case study adapted from the literature.
Year: 2015
Venue: SECRYPT 2015 - 12th International Conference on Security and Cryptography, Proceedings; Part of 12th International Joint Conference on e-Business and Telecommunications, ICETE 2015
Country: France
Publisher: SciTePress
ISBN: 978-989-758-117-5
Authors: Uttha, W.; Bertolissi, C.; Ranise, S.
Files in this item:
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11572/333082
Warning! The data shown have not been validated by the university.

Citations
  • Scopus 0