English

PML: An Interpreter-Based Access Control Policy Language for Web Services

Cryptography and Security 2019-03-26 v1

Abstract

Access control is an important component for web services such as a cloud. Current clouds tend to design the access control mechanism together with the policy language on their own. It leads to two issues: (i) a cloud user has to learn different policy languages to use multiple clouds, and (ii) a cloud service provider has to customize an authorization mechanism based on its business requirement, which brings high development cost. In this work, a new access control policy language called PERM modeling language (PML) is proposed to express various access control models such as access control list (ACL), role-based access control (RBAC) and attribute-based access control (ABAC), etc. PML's enforcement mechanism is designed in an interpreter-on-interpreter manner, which not only secures the authorization code with sandboxing, but also extends PML to all programming languages that support Lua. PML is already adopted by real-world projects such as Intel's RMD, VMware's Dispatch, Orange's Gobis and so on, which proves PML's usability. The performance evaluation on OpenStack, CloudStack and Amazon Web Services (AWS) shows PML's enforcement overhead per request is under 5.9us.

Keywords

Cite

@article{arxiv.1903.09756,
  title  = {PML: An Interpreter-Based Access Control Policy Language for Web Services},
  author = {Yang Luo and Qingni Shen and Zhonghai Wu},
  journal= {arXiv preprint arXiv:1903.09756},
  year   = {2019}
}

Comments

15 pages, 2 figures

R2 v1 2026-06-23T08:16:54.464Z