Designing Efficient XACML Policies for RESTful Services

Hüffmeyer, Marc; Schreier, Ulf

doi:10.1007/978-3-319-33612-1_6

Marc Hüffmeyer¹⁷ &
Ulf Schreier¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9421))

Included in the following conference series:

454 Accesses
1 Citations

Abstract

The popularity of REST grows more and more and so does the need for fine-grained access control for RESTful services. Attribute Based Access Control (ABAC) is a very generic concept that generalizes multiple different access control mechanisms. XACML is an implementation of ABAC based on XML and is established as a standard solution. Its flexibility opens the opportunity to specify detailed security policies. But on the other hand it has some drawbacks regarding maintenance and performance when the complexity of security policies grows. Long processing times for authorization requests are the consequence in environments that require fine-grained access control. We describe how to design a security policy in a resource oriented environment so that its drawbacks are minimized. The results are faster processing times for access requests and a guideline to structure security policies for RESTful services easing their maintenance.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 34.99; Price excludes VAT (USA)

Softcover Book: USD 44.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
https://github.com/wso2/balana.

References

Brachmann, E., Dittmann, G., Schubert, K.: Simplified authentication and authorization for RESTful services in trusted environments. In: Proceedings of the First European Conference on Service-Oriented and Cloud Computing, ESOCC 2012 (2012)
Google Scholar
Cormen, T., Leiserson, C., Rivest, R., Stein, C.: Introduction to Algorithms. MIT Press, Cambridge (2001)
MATH Google Scholar
Cubera, D., Epstein, A.: Fast difference and update of XML documents. In: XTech 1999 (1999)
Google Scholar
Fielding, T.R.: Architectural Styles and the Design of Network-based Software Architectures. University of California, Irvine (2000)
Google Scholar
Organization for the Advancement of Structured Information Standard. eXtensible Access Control Markup Language (XACML) Version 3.0. OASIS Standard (2013)
Google Scholar
Graf, S., Zholudev, V., Lewandowski, L., Waldvogel, M.: Hecate, managing authorization with RESTful XML. In: WS-REST 2011 (2011)
Google Scholar
Hüffmeyer, M., Schreier, U.: An attribute based access control model for RESTful services. In: SummerSOC 2015 (2015)
Google Scholar
Internet Engineering Task Force. Hypertext Transfer Protocol - HTTP/1.1. RFC 2616 (1999)
Google Scholar
Liu, A., Chen, F., Hwang, J., Xie, T.: Xengine: a fast and scalable XACML policy evaluation engines. In: SIGMETRICS 2008 (2008)
Google Scholar
Liu, A., Chen, F., Hwang, J., Xie, T.: Designing fast and scalable XACML policy evaluation engines. IEEE Trans. Comput. 60, 1802–1817 (2011)
Article MathSciNet Google Scholar
Lorch, M., Kafura, D., Shah, S.: An XACML-based policy management and authorization service for globus resources. In: GRID 2003 (2003)
Google Scholar
Marouf, F., Shehab, M., Squicciarini, A., Sundareswaran, S.: Adaptive reordering and clustering-based framework for efficient XACML policy evaluation. IEEE Trans. Serv. Comput. 4, 300–313 (2010)
Article Google Scholar
Miseldine, P.: Automated XACML policy reconfiguration for evaluation optimisation. In: SESS 2008 (2008)
Google Scholar
Ros, S., Lischka, M., Marmol, F.: Graph-based XACML evaluation. In: SACMAT 2012 (2012)
Google Scholar
Sandhu, D.: The authorization leap from rights to attributes: maturation or chaos? In: SACMAT 2012 (2012)
Google Scholar
Shen, H., Hong, F.: An attribute based access control model for web services. In: Parallel and Distributed Computing, Applications and Technologies, PDCAT 2006 (2006)
Google Scholar
Sun, F., Xu, L., Su, Z.: Static detection of access control vulnerabilities in web applications. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011 (2011)
Google Scholar
Wang, Y., DeWitt, D., Cai, J.: X-diff: an effective change detection algorithm for XML documents. In: ICDE 2003 (2003)
Google Scholar
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: IEEE International Conference on Web Services, ICWS 2005 (2005)
Google Scholar

Download references

Author information

Authors and Affiliations

Furtwangen University of Applied Sciences, Furtwangen im Schwarzwald, Germany
Marc Hüffmeyer & Ulf Schreier

Authors

Marc Hüffmeyer
View author publications
You can also search for this author in PubMed Google Scholar
Ulf Schreier
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marc Hüffmeyer .

Editor information

Editors and Affiliations

IT University of Copenhagen, Copenhagen, Denmark
Thomas Hildebrandt
Universidade NOVA de Lisboa, Caparica, Portugal
António Ravara
Universiteit Utrecht, Utrecht, The Netherlands
Jan Martijn van der Werf
Humboldt-Universität zu Berlin, Berlin, Germany
Matthias Weidlich

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Hüffmeyer, M., Schreier, U. (2016). Designing Efficient XACML Policies for RESTful Services. In: Hildebrandt, T., Ravara, A., van der Werf, J., Weidlich, M. (eds) Web Services, Formal Methods, and Behavioral Types. WS-FM WS-FM 2014 2015. Lecture Notes in Computer Science(), vol 9421. Springer, Cham. https://doi.org/10.1007/978-3-319-33612-1_6

Download citation

DOI: https://doi.org/10.1007/978-3-319-33612-1_6
Published: 20 April 2016
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-33611-4
Online ISBN: 978-3-319-33612-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics