Modeling Authorization Policies for Web Services in Presence of Transitive Dependencies

Worachet Uttha, Clara Bertolissi, Silvio Ranise

2015

Abstract

Access control is a crucial issue for the security of Web Services. Since these are independently designed, implemented, and managed, each with its own access control policy, it is challenging to mediate the access to the information they share. In this context, a particularly difficult case occurs when a service invokes another service to satisfy an initial request, leading to indirect authorization errors. To overcome this problem, we propose a new approach based on a version of ORganization Based Access Control (OrBAC) extended by a delegation graph to keep track of transitive authorization dependencies. We show that Datalog can be used as the specification language of our model. As a byproduct of this, an automated analysis technique for simulating execution scenarios before deployment is proposed. Finally, we show how to implement an enforcement mechanism for our model on top of the XACML architecture. To validate our approach, we present a case study adapted from the literature.


Paper Citation


in Harvard Style

Uttha W., Bertolissi C. and Ranise S. (2015). Modeling Authorization Policies for Web Services in Presence of Transitive Dependencies. In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 293-300. DOI: 10.5220/0005548502930300

in Bibtex Style

@conference{secrypt15,
author={Worachet Uttha and Clara Bertolissi and Silvio Ranise},
title={Modeling Authorization Policies for Web Services in Presence of Transitive Dependencies},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={293-300},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005548502930300},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Modeling Authorization Policies for Web Services in Presence of Transitive Dependencies
SN - 978-989-758-117-5
AU - Uttha W.
AU - Bertolissi C.
AU - Ranise S.
PY - 2015
SP - 293
EP - 300
DO - 10.5220/0005548502930300