Policy filtering with XACML
Available from eprints.qut.edu.au
This is the author’s version of a work that was submitted/accepted for
publication in the following source:
Pham, Quan, Reid, Jason, & Dawson, Ed (2011) Policy filtering with
XACML. Technical Report : Information Security Institute, Queensland
University of Technology. (Submitted (not yet accepted for publication))
This file was downloaded from: http://eprints.qut.edu.au/41533/
© Copyright 2011 The Authors
Notice: Changes introduced as a result of publishing processes such as
copy-editing and formatting may not be reflected in this document. For a
definitive version of this work, please refer to the published source:
Policy Filtering with XACML
Quan Pham, Jason Reid, and Ed Dawson
Information Security Institute, Queensland University of Technology
126 Margaret Street, Brisbane QLD 4001, Australia
{q.pham, jf.reid, e.dawson}@isi.qut.edu.au
Abstract
This paper presents a modified approach to evaluate access control policy similarity and dissimilarity based
on the proposal by Lin et al. (2007). Lin et al.'s policy similarity approach is intended as a filter stage which
identifies similar XACML policies that can be analysed further using more computationally demanding
techniques based on model checking or logical reasoning. This paper improves the approach of computing
similarity of Lin et al. and also proposes a mechanism to calculate a dissimilarity score by identifying related
policies that are likely to produce different access decisions. Departing from the original algorithm, the
modifications take into account the policy obligation, rule or policy combining algorithm and the operators
between attribute name and value. The algorithms are useful in activities involving parties from multiple
security domains such as secured collaboration or secured task distribution. The algorithms allow various
comparison options for evaluating policies while retaining control over the restriction level via a number of
thresholds and weight factors.
Key words: Similarity, Dissimilarity, Relatedness, Relevance, Policy Evaluation, Policy Management,
XACML, Access Control.
1. Introduction
The provision of seamless access to services located across multiple security domains is an emerging
demand. This trend is consolidated by the development of service oriented architecture (SOA) and the
federated technologies from various industry organisations. One of the key objectives of these technologies
is to improve the productivity and efficiency of a service by connecting and provisioning it to a much wider
range of clients. The vision is that clients could be allowed to collaborate and interact by accessing services or
distributed resources across systems while maintaining an appropriate security posture and at the same time
minimising any impediments. This requires the security authorities of the involved systems to understand
and be able to verify security credentials of users from outside their domains. As discussed in the research
statement, in order to achieve this capability, the security authorities must be able to answer the following
question: "Given the user's information, related security policies of other involved systems and its own
security policies, should the request be honoured?".
To address this challenge, it is vital to construct a mechanism to compare the involved constraints (written
in the form of a policy) from other security domains with the local policies so that the local authority can
say "the external policy P1 is similar to the local policy P2". There is no trivial answer to this question.
The solution requires a combination of approaches in which comparing the applicable security policies is
considered one of the most fundamental. The comparison process can be light-weight with low computational
effort (and correspondingly low accuracy) or computationally expensive with more accurate methods such
as Boolean checking or semantic analysis. The former acts as a filter to identify relevant policies for
more rigorous but computationally demanding analysis. Although there are a considerable number of approaches
designed to address the problem of evaluating policy compatibility or equivalence from various fields, the
issue of a light-weight filter has attracted little attention from researchers in the field. This paper intends to
address this issue via an algorithm for filtering similar/dissimilar policies.
The core of this paper is a policy filtering algorithm which can identify similar/dissimilar policies based
on the requirements of the security authorities. Specifically, this paper proposes a modified algorithm to
Preprint submitted to Computers and Security May 2, 2011