Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, and the result of the policy on a request is determined by combining the results of the sub-policies according to some policy combining algorithms (PCAs). Existing access control policy languages, however, do not provide a formal language for specifying PCAs. As a result, it is difficult to extend them with new PCAs. While several formal policy combining algebras have been proposed, they did not address important practical issues such as policy evaluation errors and obligations; furthermore, they cannot express PCAs that consider all sub-policies as a whole (e.g., weak majority or strong majority). We propose a policy combining language PCL, which can succinctly and precisely express a variety of PCAs. PCL represents an advancement both in terms of theory and practice. It is based on automata theory and linear constraints, and is more expressive than existing approaches. We have implemented PCL and integrated it with SUN's XACML implementation. With PCL, a policy evaluation engine only needs to understand PCL to evaluate any PCA specified in it.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	P. Ashley, S. Hada, G. Karjoth, C. Powers, and M. Schunter. The enterprise privacy authorization language (EPAL). http://www.w3.org/2003/p3p-ws/pp/ibm3.html.
	2	M. Backes, M. Durmuth, and R. Steinwandt. An algebra for composing enterprise privacy policies. In ESORICS '04: Proceedings of the 2004 European Symposium on Research in Computer Security, 2004.
	3	Lujo Bauer , Jay Ligatti , David Walker, Composing security policies with polymer, Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, June 12-15, 2005, Chicago, IL, USA
	4	N. D. Belnap. A useful four-valued logic. In Modern Uses of Multiple-Valued Logic, 1977.
	5	Piero Bonatti , Sabrina De Capitani di Vimercati , Pierangela Samarati, An algebra for composing access control policies, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.1-35, February 2002  [doi>10.1145/504909.504910]
	6	Glenn Bruns , Daniel S Dantas , Michael Huth, A simple and expressive semantic framework for policy composition in access control, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.12-21, November 02-02, 2007, Fairfax, Virginia, USA  [doi>10.1145/1314436.1314439]
	7	Kathi Fisler , Shriram Krishnamurthi , Leo A. Meyerovich , Michael Carl Tschantz, Verification and change-impact analysis of access-control policies, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062502]
	8	S. Hada and M. Kudo. XML access control language: Provisional authorization for XML documents. http://www.trl.ibm.com/projects/xml/xacl/xacl-spec.html.
	9	J. Halpern and V. Weissman. Using first-order logic to reason about policies. In CSFW '03: Proceedings of the Computer Security Foundations Workshop, 2003.
	10	Vladimir Kolovski , James Hendler , Bijan Parsia, Analyzing web access control policies, Proceedings of the 16th international conference on World Wide Web, May 08-12, 2007, Banff, Alberta, Canada  [doi>10.1145/1242572.1242664]
	11	J. Ligatti, L. Bauer, and D. Walker. Edit automata: enforcement mechanisms for run-time security policies. Int. J. Inf. Sec., 4(1-2):2--16, 2005.
	12	Alex X. Liu , Fei Chen , JeeHyun Hwang , Tao Xie, Xengine: a fast and scalable XACML policy evaluation engine, Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 02-06, 2008, Annapolis, MD, USA
	13	Evan Martin , Tao Xie, A fault model and mutation testing of access control policies, Proceedings of the 16th international conference on World Wide Web, May 08-12, 2007, Banff, Alberta, Canada  [doi>10.1145/1242572.1242663]
	14	P. Mazzoleni , E. Bertino , B. Crispo , S. Sivasubramanian, XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA  [doi>10.1145/1133058.1133089]
	15	C. Ribeiro, A. Z'laquete, P. Ferreira, and P. Guedes. SPL: An access control language for security policies with complex constraints. In NDSS '01: Network and Distributed System Security Symposium, 2001.
	16	Fred B. Schneider, Enforceable security policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.1, p.30-50, Feb. 2000  [doi>10.1145/353323.353382]
	17	Sun Microsystems. Sun's XACML implementation. http://sunxacml.sourceforge.net/.
	18	Duminda Wijesekera , Sushil Jajodia, Policy algebras for access control the predicate case, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586134]
	19	Duminda Wijesekera , Sushil Jajodia, A propositional policy algebra for access control, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.286-325, May 2003  [doi>10.1145/762476.762481]
	20	XACML TC. OASIS eXtensible Access Control Markup Language (XACML). http://www.oasis-open.org/committees/xacml/.
	21	Gilles Audemard , Piergiorgio Bertoli , Alessandro Cimatti , Artur Kornilowicz , Roberto Sebastiani, A SAT Based Approach for Solving Formulas over Boolean and Linear Mathematical Propositions, Proceedings of the 18th International Conference on Automated Deduction, p.195-210, July 27-30, 2002
	22	M. Bozzano, R. Bruttomesso, A. Cimatti, T. A. Junttila, P. van Rossum, S. Schulz, and R. Sebastiani. An incremental and layered procedure for the satisfiability of linear arithmetic logic. In TACAS, pages 317--333, 2005