Computer Science ›› 2017, Vol. 44 ›› Issue (11): 134-145. doi: 10.11896/j.issn.1002-137X.2017.11.021


Mobile Application Security Policies and Testing Research on XACML

CAO Wan-tian and YU Peng-fei   

  • Online: 2018-12-01 Published: 2018-12-01

Abstract: With the development of mobile Internet technology, mobile terminals with computing capability are being deployed in great quantities. They can complete various tasks with the support of a large number of mobile applications. More and more companies allow employees to bring their own devices into the work environment, a practice called BYOD (Bring Your Own Device). But different people have different roles, and different resources have different access permissions. The leak of sensitive resources will lead to significant losses for the enterprise. For BYOD to be fully supported, it is important to ensure the security of data and systems. The access control rules that are defined for access to sensitive resources from the corresponding mobile applications need to be clear and to be enforced while the mobile applications run. XACML is a unified description language for access control policies. Until now, it has been unable to support mobile applications and BYOD. In this paper, we proposed a method for testing XACML policies, based on the premise that XACML can describe the access control policies of mobile applications. We conducted a case study with a BYOD-oriented project management app on the Android platform and showed the validity of our method.

Key words: BYOD, Security, Access control, XACML, Policy

