eprintid: 1575 rev_number: 10 eprint_status: archive userid: 31 dir: disk0/00/00/15/75 datestamp: 2013-05-02 13:36:28 lastmod: 2013-05-02 13:36:28 status_changed: 2013-05-02 13:36:28 type: book_section metadata_visibility: show creators_name: Masi, Massimiliano creators_name: Pugliese, Rosario creators_name: Tiezzi, Francesco creators_id: creators_id: creators_id: francesco.tiezzi@imtlucca.it title: Formalisation and Implementation of the XACML Access Control Mechanism ispublished: pub subjects: QA75 divisions: CSA full_text_status: public note: PBAC, XACML, formal semantics, CASE tools - Proceedings of the 2nd International Symposium on Engineering Secure Software and Systems (ESSoS) abstract: We propose a formal account of XACML, an OASIS standard adhering to the Policy Based Access Control model for the specifica- tion and enforcement of access control policies. To clarify all ambiguous and intricate aspects of XACML, we provide it with a more manageable alternative syntax and with a solid semantic ground. This lays the basis for developing tools and methodologies which allow software engineers to easily and precisely regulate access to resources using policies. To demonstrate feasibility and effectiveness of our approach, we provide a software tool, supporting the specification and evaluation of policies and access requests, whose implementation fully relies on our formal development. date: 2012 date_type: published series: Lecture Notes in Computer Science number: 7159 publisher: Springer pagerange: 60-74 id_number: 10.1007/978-3-642-28166-2_7 refereed: TRUE isbn: 978-3-642-28165-5 book_title: Engineering Secure Software and Systems official_url: http://dx.doi.org/10.1007/978-3-642-28166-2_7 citation: Masi, Massimiliano and Pugliese, Rosario and Tiezzi, Francesco Formalisation and Implementation of the XACML Access Control Mechanism. In: Engineering Secure Software and Systems. Lecture Notes in Computer Science (7159). Springer, pp. 60-74. ISBN 978-3-642-28165-5 (2012) document_url: http://eprints.imtlucca.it/1575/1/MPT_essos2012.pdf