
A Framework for Policy Similarity Evaluation and Migration Based on Change Detection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9408)

Abstract

Access control facilitates controlled sharing and protection of resources in an enterprise. However, given the ubiquity of collaborative applications and scenarios, enterprises no longer function in isolation. Being able to measure policy similarity and integrate heterogeneous policies appropriately is an essential step towards secure interoperation. Existing approaches for measuring policy similarity are based on computing similarity between different components of the access control policy. However, this does not provide a pathway for integrating policies, and may not sufficiently take the security context into account. In this paper, we propose a holistic change detection approach that enables policy similarity evaluation and policy migration. Our approach more comprehensively takes into account different access control semantics to compute policy similarity and finds the common organizational policy with the least cost.



Author information

Corresponding author: Jaideep Vaidya.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Vaidya, J., Shafiq, B., Atluri, V., Lorenzi, D. (2015). A Framework for Policy Similarity Evaluation and Migration Based on Change Detection. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_13

  • DOI: https://doi.org/10.1007/978-3-319-25645-0_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25644-3

  • Online ISBN: 978-3-319-25645-0

  • eBook Packages: Computer Science, Computer Science (R0)