Multi-data-types interval decision diagrams for XACML evaluation engine

Ngo, Canh; Makkes, Marc X.; Demchenko, Yuri; Laat, Cees de

doi:10.1109/pst.2013.6596061

Cited by 20 publications

(12 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In another context related to policy evaluation for efficient decision process, few approaches have been proposed such [22][23][24][25]. Based on the study of the current literature, it is trivial that both domains are still and will continue to be a challenging niche for researchers.…”

Section: Related Workmentioning

confidence: 99%

Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies

Jebbaoui

Mourad

Otrok

et al. 2015

Computers & Electrical Engineering

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Semantics-based approach for detecting flaws, conflicts and redundancies in XACML policies

Jebbaoui

Mourad

Otrok

et al. 2015

Computers & Electrical Engineering

View full text Add to dashboard Cite

“…Researchers recently analyzed the effects of policy evaluation performance and highlighted its relation to the used attributes and attribute values [32]. Regarding attribute constraints, Bijon et al, for instance, introduce constraints on attribute assignments and values [6].…”

Section: Attribute Managementmentioning

confidence: 99%

Introducing Dynamic Identity and Access Management in Organizations

Kunz

Fuchs²,

Hummer³

et al. 2015

Information Systems Security

View full text Add to dashboard Cite

Abstract. Efficient and secure management of access to resources is a crucial challenge in today's corporate IT environments. During the last years, introducing company-wide Identity and Access Management (IAM) infrastructures building on the Role-based Access Control (RBAC) paradigm has become the de facto standard for granting and revoking access to resources. Due to its static nature, the management of rolebased IAM structures, however, leads to increased administrative efforts and is not able to model dynamic business structures. As a result, introducing dynamic attribute-based access privilege provisioning and revocation is currently seen as the next maturity level of IAM. Nevertheless, up to now no structured process for incorporating Attribute-based Access Control (ABAC) policies into static IAM has been proposed. This paper closes the existing research gap by introducing a novel migration guide for extending static IAM systems with dynamic ABAC policies. By means of conducting structured and tool-supported attribute and policy management activities, the migration guide supports organizations to distribute privilege assignments in an application-independent and flexible manner. In order to show its feasibility, we provide a naturalistic evaluation based on two real-world industry use cases.

show abstract

“…In the XACML evaluation process [12] [17], there has been three-valued logic to determine policy decisions [8]. Therefore it defines the three-valued logic as L3= (V3, ≤)where the V3 is the set ( T, N, I) and N≤I≤T.…”

Section: The Three -Valued Logic In Xacmlmentioning

confidence: 99%