The evolving smart and interconnected systems are designed to operate with minimal human intervention. Devices within these smart systems often engage in prolonged operations based on sensor data and contextual factors. Recently, an Activity-Centric Access Control (ACAC) model has been introduced to regulate these prolonged operations, referred to as activities, which undergo state changes over extended duration of time. Dependencies among different activities can influence and restrict the execution of one another, necessitating active and real-time monitoring of the dependencies between activities to prevent security violation. In the ACAC model, the activity dependencies, denoted as "D", is considered as a decision parameter for controlling a requested activity. These dependencies must be evaluated throughout all phases of an activity's life cycle. To ensure the consistency of access control rules across diverse domains and applications, a standard policy language is essential. We propose a policy framework adapting the widely-used eXtensible Access Control Markup Language (XACML) , referred to as $\mathrm{XACML_{AD}}$, to specify the activity dependency policies. This work involves extending the syntax and semantics of XACML by introducing new elements to check dependent activities' states and handle state updates on dependent activities. In addition to the language extension, we present the enforcement architecture and data flow model of evaluating policies for activity dependencies. The integration of the proposed $\mathrm{XACML_{AD}}$ policy framework and the enforcement of the policies supports dependency evaluation, necessary updates and continuous enforcement of policies to control an activity throughout its life cycle. We implement the enforcement architecture exploiting the $\mathrm{XACML_{AD}}$ policy framework and discuss the performance evaluation results.

翻译：随着智能互联系统的发展，其设计目标是在最小化人工干预的情况下运行。这些智能系统中的设备常依据传感器数据和上下文因素执行长时间持续的操作。近期提出的以活动为中心的访问控制（ACAC）模型旨在规范这类跨时长状态演变的持续性操作（即活动）。不同活动间的依赖关系会相互影响并制约执行，因此需要主动实时监控活动间的依赖关系以防止安全违规。在ACAC模型中，活动依赖关系（记为"D"）作为控制请求活动的决策参数，需在活动生命周期的所有阶段进行评估。为确保跨领域及跨应用的访问控制规则一致性，标准化策略语言不可或缺。我们提出了一种适配广泛使用的可扩展访问控制标记语言（XACML）的策略框架$\mathrm{XACML_{AD}}$，用于规约活动依赖策略。该工作通过引入检验依赖活动状态及处理依赖活动状态更新的新元素，扩展了XACML的语法与语义。除语言扩展外，我们提出了评估活动依赖策略的实施架构与数据流模型。所提出的$\mathrm{XACML_{AD}}$策略框架与策略实施的集成，支持依赖评估、必要更新及持续策略执行，从而在活动全生命周期内实现控制。我们基于$\mathrm{XACML_{AD}}$策略框架构建了实施架构，并讨论了性能评估结果。