Affiliation:
1. Computer Science and Engineering, Pennsylvania State University, University Park, PA
2. Electrical Engineering and Computer Science, University of Michigan, Ann Arbor, MI
Abstract
A security policy specifies session participant requirements. However, existing frameworks provide limited facilities for the automated reconciliation of participant policies. This paper considers the limits and methods of reconciliation in a general-purpose policy model. We identify an algorithm for efficient two-policy reconciliation and show that, in the worst case, reconciliation of three or more policies is intractable. Further, we suggest efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the policy model, we describe the design and implementation of the Ismene policy language. The expressiveness of Ismene, and indirectly of our model, is demonstrated through the representation and exposition of policies supported by existing policy languages. We conclude with brief notes on the integration and enforcement of Ismene policy within the Antigone communication system.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
30 articles.
1. Secure Cloud Storage with a Sanitizable Access Control System Again Malicious Data Publisher;INTI Journal;2024-08
2. A Method of Conflict Detection for Cooperative Defense Strategy in Power Industrial Control System;2020 Eighth International Conference on Advanced Cloud and Big Data (CBD);2020-12
3. Methods and Tools for Policy Analysis;ACM Computing Surveys;2019-11-30
4. Elastic Trust Model for Dynamically Evolving Trust Frameworks;IEICE Transactions on Information and Systems;2019-09-01
5. Curie;Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy;2019-03-13