XFPM‐RBAC: XML‐based specification language for security policies in multidomain mobile networks

Abstract

ABSTRACTWe present XFPM‐RBAC (XML‐based formal policy language for mobility with role‐based access control), an XML‐based specification language for specification of domain and interdomain security policies with location and mobility constraints based on role‐based access control. XFPM‐RBAC supports specification of locations, mobility, interdomain access rights, role mapping, and separation of duty (SOD) aspects of security policies. XFPM‐RBAC builds upon the FPM‐RBAC security policy model that we have recently proposed. XFPM‐RBAC consists of XML schemas, which define domain security policy, interdomain security policy, locations, mobility, and SOD constructs. A Security Policy Management Interface application is also developed for specification and administration of security policies as a prototype implementation of XFPM‐RBAC. XFPM‐RBAC supports extraction of formal specifications from security policies for the purpose of automated verification of security policies. Automated extraction of formal specifications is based on XSLT (Extensible Stylesheet Language Transformations). Formal specification of security policies together with location and mobility constraints within security policy rules are based on ambient calculus and ambient logic. Copyright © 2012 John Wiley & Sons, Ltd.