Dianxiang Xu presented his research paper “Formalizing Semantic Differences between Combining Algorithms in XACML 3.0 Policies” at the 2015 IEEE International Conference on Software Quality, Reliability, and Security (QRS 2015) held in Vancouver, Canada, Aug. 3-5. QRS is an annual event sponsored by the Institute of Electrical and Electronics Engineers (IEEE). Through a rigorous review process of full paper submissions, QRS 2015 selected only 22 percent of the 91 submissions as regular papers for presentation. Xu’s submission is one of the top three papers that received special recognition at the conference. The co-authors are research associate Yunpeng Zhang and graduate student Ning Shen.
XACML is an industry-standard for specifying security policies that regulate “who can access what” in computer and information systems. It provides a number of combining algorithms for the composition of security policies. However, the differences in the algorithms are not easily observed. To correctly use the combining algorithms, understanding the subtle differences is important. Xu’s work formalized the semantic differences between the commonly used combining algorithms. This work offered a rigorous way to understand and use the algorithms and build a solid foundation to formally analyze the algorithms.