A COMPREHENSIVE APPROACH FOR SOLVING POLICY HETEROGENEITY

Rodolfo Ferrini, Elisa Bertino

2009

Abstract

With the increasing popularity of collaborative applications, policy-based access control models have become the usual approach for access control enforcement. In recent years, several tools have been proposed to support the maintenance of such policy-based systems. However, none of those tools is able to deal with heterogeneous policies, that is, policies that belong to different domains and thus adopt different terminologies. In this paper, we propose a stack of functions that allows us to create a unified vocabulary for a multidomain policy set. This unified vocabulary can then be exploited by analysis tools, improving the accuracy of their results and thus their applicability in real-case scenarios. In our model, we represent the vocabulary of a policy using ontologies. With an ontology it is possible to describe a certain domain of interest, providing richer information than a plain list of terms. On top of this additional semantic data it is possible to define complex functions such as ontology matching, merging and extraction, which can be combined to create the unified terminology for the policies under consideration. Along with the definition of the proposed model, detailed algorithms are also provided. We also present experimental results which demonstrate the efficiency and practical value of our approach.

Paper Citation


in Harvard Style

Ferrini R. and Bertino E. (2009). A COMPREHENSIVE APPROACH FOR SOLVING POLICY HETEROGENEITY. In Proceedings of the 11th International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-8111-86-9, pages 63-68. DOI: 10.5220/0001951500630068


in Bibtex Style

@conference{iceis09,
author={Rodolfo Ferrini and Elisa Bertino},
title={A COMPREHENSIVE APPROACH FOR SOLVING POLICY HETEROGENEITY},
booktitle={Proceedings of the 11th International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2009},
pages={63-68},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001951500630068},
isbn={978-989-8111-86-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - A COMPREHENSIVE APPROACH FOR SOLVING POLICY HETEROGENEITY
SN - 978-989-8111-86-9
AU - Ferrini R.
AU - Bertino E.
PY - 2009
SP - 63
EP - 68
DO - 10.5220/0001951500630068