ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
An approach to evaluate policy similarity
Full text PdfPdf (247 KB)
Source
Symposium on Access Control Models and Technologies archive
Proceedings of the 12th ACM symposium on Access control models and technologies table of contents
Sophia Antipolis, France
SESSION: Policy management table of contents
Pages: 1 - 10  
Year of Publication: 2007
ISBN:978-1-59593-745-2
Authors
Dan Lin  Purdue University, West Lafayette, IN
Prathima Rao  Purdue University, West Lafayette, IN
Elisa Bertino  Purdue University, West Lafayette, IN
Jorge Lobo  IBM T.J. Watson Research Center, Yorktown, NY
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 128,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1266840.1266842
What is a DOI?

ABSTRACT

Recent collaborative applications and enterprises very often need to efficiently integrate their access control policies. An important step in policy integration is to analyze the similarity of policies. Existing approaches to policy similarity analysis are mainly based on logical reasoning and boolean function comparison. Such approaches are computationally expensive and do not scale well for large heterogeneous distributed environments (like Grid computing systems). In this paper, we propose a policy similarity measure as a filter phase for policy similarity analysis. This measure provides a lightweight approach to pre-compile a large amount of policies and only return the most similar policies for further evaluation. In the paper we formally define the measure, by taking into account both the case of categorical attributes and numeric attributes. Detailed algorithms are presented for the similarly computation. Results of our case study demonstrates the efficiency and practical value of our approach.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Dakshi Agrawal , James Giles , Kang-Won Lee , Jorge Lobo, Policy Ratification, Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05), p.223-232, June 06-08, 2005  [doi>10.1109/POLICY.2005.25]
2
Tanvir Ahmed , Anand R. Tripathi, Static verification of security requirements in role based CSCW systems, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775438]
3
Michael Backes , Günter Karjoth , Walid Bagga , Matthias Schunter, Efficient comparison of enterprise privacy policies, Proceedings of the 2004 ACM symposium on Applied computing, March 14-17, 2004, Nicosia, Cyprus  [doi>10.1145/967900.967983]
 
4
M. Ehrig, P. Haase, M. Hefke, and N. Stojanovic. Similarity for ontologies - a comprehensive framework. In Proceedings of the 13th European Conference on Information Systems, Information Systems in a Rapidly Changing Economy (ECIS), 2005.
5
Kathi Fisler , Shriram Krishnamurthi , Leo A. Meyerovich , Michael Carl Tschantz, Verification and change-impact analysis of access-control policies, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062502]
 
6
D. P. Guelev, M. Ryan, and P. Schobbens. Model-checking access control policies. In Proceedings of the 7th Information Security Conference (ISC), pages 219--230, 2004.
 
7
Timothy C. Hoad , Justin Zobel, Methods for identifying versioned and plagiarized documents, Journal of the American Society for Information Science and Technology, v.54 n.3, p.203-215, February 1, 2003  [doi>10.1002/asi.10170]
8
M. Koch , L. V. Mancini , F. Parisi-Presicce, On the specification and evolution of access control policies, Proceedings of the sixth ACM symposium on Access control models and technologies, p.121-130, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373280]
 
9
Emil C. Lupu , Morris Sloman, Conflicts in Policy-Based Distributed Systems Management, IEEE Transactions on Software Engineering, v.25 n.6, p.852-869, November 1999  [doi>10.1109/32.824414]
10
P. Mazzoleni , E. Bertino , B. Crispo , S. Sivasubramanian, XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA  [doi>10.1145/1133058.1133089]
 
11
Similarity Flooding: A Versatile Graph Matching Algorithm and Its Application to Schema Matching, Proceedings of the 18th International Conference on Data Engineering, p.117, February 26-March 01, 2002
12
Donald Metzler , Yaniv Bernstein , W. Bruce Croft , Alistair Moffat , Justin Zobel, Similarity measures for tracking information flow, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany  [doi>10.1145/1099554.1099695]
 
13
Tova Milo , Sagit Zohar, Using Schema Matching to Simplify Heterogeneous Data Translation, Proceedings of the 24rd International Conference on Very Large Data Bases, p.122-133, August 24-27, 1998
 
14
J. D. Moffett and M. S. Sloman. Policy conflict analysis in distributed system management. Journal of Organizational Computing, 1993.
 
15
T. Moses. Extensible access control markup language (xacml) version 1.0. Technical report, OASIS, 2003.
 
16
Erhard Rahm , Philip A. Bernstein, A survey of approaches to automatic schema matching, The VLDB Journal — The International Journal on Very Large Data Bases, v.10 n.4, p.334-350, December 2001  [doi>10.1007/s007780100057]
17
Andreas Schaad , Jonathan Moffett , Jeremy Jacob, The role-based access control system of a European bank: a case study and discussion, Proceedings of the sixth ACM symposium on Access control models and technologies, p.3-9, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373257]
 
18
N. Zhang, M. Ryan, and D. P. Guelev. Evaluating access control policies through model checking. In Proceedings of the 8th Information Security Conference (ISC), pages 446--460, 2005.

CITED BY  3
Steven Davy , Brendan Jennings , John Strassner, The policy continuum-Policy authoring and conflict analysis, Computer Communications, v.31 n.13, p.2981-2995, August, 2008
Fatih Turkmen , Bruno Crispo, Performance evaluation of XACML PDP implementations, Proceedings of the 2008 ACM workshop on Secure web services, October 31-31, 2008, Alexandria, Virginia, USA
Chiu-Man Yu , Kam-Wing Ng, DPMF: A policy management framework for heterogeneous authorization systems in grid environments, Multiagent and Grid Systems, v.5 n.2, p.235-263, April 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls


General Terms:
Algorithms, Design, Measurement


Keywords:
XACML policies, access control policies, policy similarity measure

Collaborative Colleagues:
Dan Lin: colleagues
Prathima Rao: colleagues
Elisa Bertino: colleagues
Jorge Lobo: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player