Security policy reconciliation in distributed computing environments

Hao Wang, Somesh Jha, Miron Livny, Patrick D. McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

39 Scopus citations

Abstract

A major hurdle in sharing resources between organizations is heterogeneity. Therefore, in order for two organizations to collaborate their policies have to be resolved. The process of resolving different policies is known as policy reconciliation, which in general is an intractable problem. This paper addresses policy reconciliation in the context of security. We present a formal framework and hierarchical representation for security policies. Our hierarchical representation exposes the structure of the policies and leads to an efficient reconciliation algorithm. We also demonstrate that agent preferences for security mechanisms can be readily incorporated into our framework. We have implemented our reconciliation algorithm in a library called the Policy Reconciliation Engine or PRE. In order to test the implementation and measure the overhead of our reconciliation algorithm, we have integrated PRE into a distributed high-throughput system called Condor.

Original languageEnglish (US)
Title of host publicationProceedings - Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2004
PublisherIEEE Computer Society
Pages137-146
Number of pages10
ISBN (Print)076952141X, 9780769521411
DOIs
StatePublished - 2004
EventProceedings - Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2004 - Yorktown Heights, NY, United States
Duration: Jun 7 2004Jun 9 2004

Publication series

NameProceedings - Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2004

Other

OtherProceedings - Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2004
Country/TerritoryUnited States
CityYorktown Heights, NY
Period6/7/046/9/04

All Science Journal Classification (ASJC) codes

  • General Engineering

Fingerprint

Dive into the research topics of 'Security policy reconciliation in distributed computing environments'. Together they form a unique fingerprint.

Cite this