TXACML—An Access Control Policy Framework Based on Trusted Platform

Trusted platform based on trusted hardware has been used widely in the access control of content distributed environment. To express trusted platform policy by a standard language, XACML is introduced to trusted platform. But XACML does not provide attribute evaluation function for platform, which can not meet the access control requirement of the trusted platform. In this paper, the access control requirement is divided into data distribution and access on the trusted platform. Then based on this analysis, a classification rule for trusted platform attribute and the corresponding attribute evaluation function are proposed, which can be used in the safe distribution and access of trusted platform data. In XACML combining algorithms, an administrative center is always needed, which could not be considered conforming to the policy combining requirement of the trusted platform. A policy combining algorithm based on trusted degree of the platform is presented to combine the policy of independent parties, which makes the policy preference be in conformance with trusted degree of the platform. Furthermore, based on the evaluation function and combining algorithm, XACML is extended to form a policy language framework based on trusted platform-TXACML. The policy description and combining process for an instance are given subsequently, proving the validity of TXACML.