A Rewriting System for the Assessment of XACML Policies Similarity
In this paper we propose a policy similarity approach performed in three steps. The first step formalizes an XACML policy as a term in a Boolean algebra, taking into account the policy and rule combining algorithms. This formalization is based on the Security Policy Language (SePL), which was proposed in previous work. In the second step, the SePL term is transformed into a term in a Boolean ring. In the third step, the two policy terms derived from the previous step are the input to a rewriting system that concludes which kind of relation exists between these security policies, such as equivalence, restriction, inclusion, and divergence. We provide a case study of our approach based on real XACML policies, as well as an empirical evaluation of its performance.
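The second and third steps can be illustrated with the standard Boolean-ring translation (AND as multiplication, XOR as addition), as an added example that is not the paper's SePL formalization or rewriting system. It assumes each policy is already reduced to a single permit condition over attribute predicates, ignores combining algorithms, and assumes that "restriction" means the first policy permits a subset of the second and "inclusion" the converse; the attribute names are constructed.

```python
from itertools import product

# A Boolean-ring polynomial is a frozenset of monomials; a monomial is a
# frozenset of variable names (the empty monomial is the constant 1).
ZERO = frozenset()
ONE = frozenset([frozenset()])

def add(p, q):
    """Ring addition is XOR: a monomial present in both operands cancels."""
    return p ^ q

def mul(p, q):
    """Ring multiplication is AND; set union of names gives x*x = x."""
    out = ZERO
    for m, n in product(p, q):
        out = out ^ frozenset([m | n])
    return out

def to_ring(f):
    """Translate a Boolean-algebra term (nested tuples) into the ring."""
    if isinstance(f, str):
        return frozenset([frozenset([f])])
    op, *args = f
    terms = [to_ring(a) for a in args]
    if op == "not":
        return add(ONE, terms[0])                 # not a  = 1 + a
    if op == "and":
        return mul(terms[0], terms[1])            # a and b = a*b
    if op == "or":
        a, b = terms
        return add(add(a, b), mul(a, b))          # a or b  = a + b + a*b
    raise ValueError(f"unknown operator: {op}")

def compare(f1, f2):
    """Classify two permit conditions; the relation names are mapped by assumption."""
    p, q = to_ring(f1), to_ring(f2)
    if add(p, q) == ZERO:                         # p + q = 0  <=>  p = q
        return "equivalence"
    pq = mul(p, q)
    if pq == p:                                   # p*q = p  <=>  p implies q
        return "restriction"  # assumed meaning: f1 permits a subset of f2
    if pq == q:                                   # p*q = q  <=>  q implies p
        return "inclusion"    # assumed meaning: f1 permits a superset of f2
    return "divergence"

# Constructed permit conditions over hypothetical attribute predicates.
P1 = ("and", "doctor", "on_duty")
P2 = ("or", "doctor", "nurse")
```

Because the polynomial form is canonical, two conditions are equivalent exactly when their polynomials are the same set of monomials, which is why the comparisons reduce to set equality.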