Towards Reasonability Properties for Access-Control Policy Languages

Michael Carl Tschantz, Shriram Krishnamurthi

ACM Symposium on Access Control Models and Technologies, 2006


The growing importance of access control has let to the definition of numerous languages for specifying policies. Since these languages are based on different foundations, language users and designers would benefit from formal means to compare them. We present a set of properties that examine the behavior of policies under enlarged requests, policy growth, and policy decomposition. They therefore suggest whether policies written in these languages are easier or harder to reason about under various circumstances. We then evaluate multiple policy languages, including XACML and Lithium, using these properties.


Erratum: The end of Section 3.1 states, “Given L define the partial order ≤ on D to be such that d ≤ d' if either d,d' ∈ N, d,d' ∈ G, or d ∈ N and d' ∈ G”. The relation ≤ is actually just a pre-order. This error does not affect any of the results since the paper never uses the antisymmetric property, which the relation lacks.



These papers may differ in formatting from the versions that appear in print. They are made available only to support the rapid dissemination of results; the printed versions, not these, should be considered definitive. The copyrights belong to their respective owners.