Access Control

Access control plays an important role in managing sensitive information and resources. An access control policy defines the conditions to which the access to resources can be granted and to whom. Our research focuses on verification and validation of attribute-based access control (ABAC) policies, role-based access control (RBAC) policies, and obligations.

  1. Dianxiang Xu and Shuai Peng. Towards Automatic Repair of Access Control Policies. Proc. of the 14th IEEE Conference on Privacy, Security and Trust (PST'16), Auckland, New Zealand, December 2016.
  2. Sung-Ju Fan Chiang, Daniel Chen and Dianxiang Xu. Conformance Testing of Balana: An Open Source Implementation of the XACML3.0 Standard. Proc. of the 28th International Conf. on Software Engineering and Knowledge Engineering (SEKE'16), San Francisco Bay, July 2016.
  3. Dianxiang Xu, Zhenyu Wang, Shuai Peng, Ning Shen. Automated Fault Localization of XACML Policies, Proc. of the 21st ACM Symposium on Access Control Models and Technologies (SACMAT'16), pp. 137-147, Shanghai, China, June 2016.
  4. Dianxiang Xu, Yunpeng Zhang, Ning Shen. Formalizing Semantic Differences between Combining Algorithms in XACML 3.0 Policies, Proc. of the 2015 International Conference on Software Quality, Reliability and Security (QRS'15), Vancouver, Canada. August 2015.
  5. Dianxiang Xu, Ning Shen, Yunpeng Zhang. Fault-Based Testing of Combining Algorithms in XACML3.0 Policies. Proc. of the 27th International Conf. on Software Engineering and Knowledge Engineering (SEKE'15), Pittsburg, July 2015.
  6. Dianxiang Xu, Michael Kent, Lijo Thomas, Tejeddine Mouelhi, and Yves Le Traon. Automated Model-Based Testing of Role-Based Access Control Using Predicate/Transition Nets. IEEE Transactions on Computers, Vo. 64, No. 9, pp. 2490-2505, September 2015.
  7. Dianxiang Xu, Yunpeng Zhang. Specification and Analysis of Attribute-Based Access Control Policies: An Overview. Proc. of the International Workshop on Information Assurance, in conjunction with SERE'14. San Francisco, CA. June 2014.
  8. Sandeep Lakkaraju and Dianxiang Xu, Integrated Modeling and Analysis of Attribute based Access Control Policies and Workflows in Healthcare, Proc. of the 1st International Conference on Trustworthy Systems and Their Applications (TSA'14), Taiwan, June 2014.
  9. Dianxiang Xu, Michael Sanford, Zhaoliang Liu, Mark Emry, Brad Brockmueller, Spencer Johnson, Michael To. Testing Access Control and Obligation Policies, Proc. of the 2013 International Conference on Computing, Networking and Communications (ICNC'13), San Diego, January 2013.
  10. Dianxiang Xu, Lijo Thomas, Michael Kent, Tejeddine Mouelhi, and Yves Le Traon. A Model-Based Approach to Automated Testing of Access Control Policies. Proc. of the 17th ACM Symposium on Access Control Models and Technologies (SACMAT12), Newark, USA, June 2012.