A PATH-CONSISTENCY BASED ALGORITHM FOR ANOMALY DETECTION OF SPATIAL CONSTRAINTS IN GEOXACML POLICIES
Keywords:
GeoXACML, anomaly detection, RCC8, path-consistency algorithmAbstract
Anomaly detection in GeoXACML policies supports policy designers in the policy definition process to save effort, minimize errors, improve performance. Currently, there is a lot of research focusing on anomaly detection in XACML from which GeoXACML is extended. However, no research directly solves anomaly detection problem in GeoXACML, especially in the spatial aspect. In this paper, we propose an algorithm based on the path-consistency algorithm to detect anomalies in spatial constraints of GeoXACML policies. In our approach, when a policy designer adds a new rule or updates an existing rule, an engine will automatically check if this rule is potentially conflicting or redundant to others. We also present a simple example in step-by-step to clarify how this algorithm works. Finally, to analyze the performance of this algorithm, we will consider its computational complexity.
Downloads
References
Matheus, A., Geospatial extensible access control markup language (GeoXACML) version 3.0. OGC implementation standard, Open Geospatial Consortium (OGC), March 2007. 2. Moses, T., eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS implementation standard, OASIS, February 2005. 3. Hounder, F., Conflict detection and resolution of XACML policies. Master’s thesis, University of Applied Sciences Rapperswil, July 2010. 4. Hu, H., Ahn, G., and Kulkarni, K., Anomaly discovery and resolution in web access control policies. in Proceedings of the 16th ACM symposium on Access control models and technologies - SACMAT’11 ACM, 2011, 165–174. 5. Agrawal, D., Giles, J., Lee, K., and Lobo, J., Policy ratification. In Sixth IEEE International Workshop on Policies for Distributed Systems and Networks, 2005, 223–232.
Mazzoleni, P., Crispo, B., Sivasubramanian, S., and Bertino, E., XACML Policy Integration Algorithms. ACM Transactions on Information and System Security, 11(1), 2008. 7. Ni, Q., Bertino, E., and Lobo, J., D-algebra for composing access control policy decisions. in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ACM, 2009, 298–309. 8. Rao, P., Lin, D., Bertino, E., Li, N., and Lobo, J., An algebra for fine-grained integration of xacml policies. in Proceedings of the 14th ACM symposium on Access control models and technologies, ACM, 2009, 63–72. 9. Liu, A., Chen, F., Hwang, J., and Xie, T., Xengine: A fast and scalable xacml policy evaluation engine. ACMSIGMETRICS Performance Evaluation Review, 36(1), 2008, 265–276. 10. Marouf, S., Shehab, M., Squicciarini, A., and Sundareswaran, S., Statistics & Clustering Based Framework for Efficient XACML Policy Evaluation. in IEEE International Symposium on Policies for Distributed Systems and Networks, IEEE, 2009, 118–125. 11. Clementini, E. and Di, F. P., A Comparison of Methods for Representing Topological Relationships. Information Sciences - Applications, 3(3), 1995, 149-178. 12. Randell, D. A., Cui, Z., and Cohn, A. G., A Spatial logic based on regions and connection. in Proceedings of the 3rd. International Conference on Knowledge Representation and Reasoning, Morgan Kaufmann, San Mateo, 1992, 165-176. 13. Egenhofer, M. J. and Herring, J. R., A Mathematical Framework for the Definition of Topological Relationships. in Proceedings of the 4th International Symposium on Spatial Data Handling (SDH 90), Zurich, 1990, 803-813. 14. Allen, J.F., Maintaining knowledge about temporal intervals. Communications of the ACM, vol.26, 1983, 832–843. 15. Egenhofer, M. J., Reasoning about Binary Topological Relations. in Proceedings of the Second Symposium on Large Spatial Databases (SSDÕ91), Zurich, 1991. Lecture Notes in Computer Science no.525, 143-159. 16. Golumbic, M.C., and Shamir, R., Complexity and algorithms for reasoning about time: a graph-theoretic approach. Journal of the ACM, 40(5), 1993, 1108– 1133. 17. Grigni, M., Papadias, D., and Papadimitriou, C., Topological inference. in Proceedings of the 14th International Joint Conference on Artificial Intelligence, 1995, 901–906. 18. Renz, J. and Nebel, B., On the complexity of qualitative spatial reasoning: A maximal tractable fragment of the Region Connection Calculus. Artificial Intelligence,1999,69–123. 19. Mackworth, A., and Freuder, E., The complexity of some polynomial network consistency algorithms for constraint satisfaction problems. Artificial intelligence, 25(1), 1985. 20. Renz, J., Nebel, B., Efficient methods for qualitative spatial reasoning. Journal of Artificial Intelligence Research, 15(1), 2001, 289-318. 21. Anderson, A., Evaluating XACML as a policy language. Technical report, OASIS, Mar 2003. 22. Cook, S.A., The complexity of theorem proving procedures. in Proceedings of 3rd Annual ACM Symposium on Theory of Computing, ACM, New York, 1971, 151-158.