Methods and limitations of security policy reconciliation

Patrick Mcdaniel, Atul Prakash

Research output: Contribution to journalArticlepeer-review

42 Scopus citations


A security policy specifies session participant requirements. However, existing frameworks provide limited facilities for the automated reconciliation of participant policies. This paper considers the limits and methods of reconciliation in a general-purpose policy model. We identify an algorithm for efficient two-policy reconciliation and show that, in the worst-case, reconciliation of three or more policies is intractable. Further, we suggest efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the policy model, we describe the design and implementation of the Ismene policy language. The expressiveness of Ismene, and indirectly of our model, is demonstrated through the representation and exposition of policies supported by existing policy languages. We conclude with brief notes on the integration and enforcement of Ismene policy within the Antigone communication system.

Original languageEnglish (US)
Pages (from-to)259-291
Number of pages33
JournalACM Transactions on Information and System Security
Issue number3
StatePublished - Aug 1 2006

All Science Journal Classification (ASJC) codes

  • General Computer Science
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Methods and limitations of security policy reconciliation'. Together they form a unique fingerprint.

Cite this