Specification and Enforcement of Activity Dependency Policies using XACML
arXiv (2024)
Abstract
The evolving smart and interconnected systems are designed to operate with
minimal human intervention. Devices within these smart systems often engage in
prolonged operations based on sensor data and contextual factors. Recently, an
Activity-Centric Access Control (ACAC) model has been introduced to regulate
these prolonged operations, referred to as activities, which undergo state
changes over an extended duration of time. Dependencies among different activities
can influence and restrict the execution of one another, necessitating active
and real-time monitoring of the dependencies between activities to prevent
security violations. In the ACAC model, the activity dependencies, denoted as
"D", are considered a decision parameter for controlling a requested
activity. These dependencies must be evaluated throughout all phases of an
activity's life cycle.
To ensure the consistency of access control rules across diverse domains and
applications, a standard policy language is essential. We propose a policy
framework adapting the widely-used eXtensible Access Control Markup Language
(XACML), referred to as XACML_AD, to specify the activity
dependency policies. This work involves extending the syntax and semantics of
XACML by introducing new elements to check dependent activities' states and
handle state updates on dependent activities. In addition to the language
extension, we present the enforcement architecture and data flow model of
evaluating policies for activity dependencies. The integration of the proposed
XACML_AD policy framework and the enforcement of the policies
supports dependency evaluation, necessary updates and continuous enforcement of
policies to control an activity throughout its life cycle. We implement the
enforcement architecture exploiting the XACML_AD policy framework
and discuss the performance evaluation results.