The logic of XACML

Carroline Dewi Puspa Kencana Ramli, Hanne Riis Nielson, Flemming Nielson

Research output: Contribution to journal, Journal article, Research, peer-review

Abstract

We study the international standard XACML 3.0 for describing security access control policies in a compositional way. Our main contributions are (i) to derive a logic that precisely captures the intentions of the standard, (ii) to formally define a semantics for the XACML 3.0 component evaluation, and (iii) to define a semantics for the XACML 3.0 standard combining operators. To guard against modeling artefacts, we provide an alternative lattice-based way of characterizing the policy combining operators, and we formally prove the equivalence of these approaches, thereby increasing our faith in either one. We then discuss several ways of extending XACML: one direction is to extend XACML with new combining operators, and another direction is to incorporate the notion of conflict into XACML. We conclude by discussing the possibility of analysing XACML policies for gaps and conflicts.
Original language: English
Journal: Science of Computer Programming
Volume: 83
Pages (from-to): 80-105
ISSN: 0167-6423
Publication status: Published - 2014

Keywords

  • Access control
  • Control systems
  • XACML 3.0
  • Composition policies
