TY - GEN
T1 - Security policy reconciliation in distributed computing environments
AU - Wang, Hao
AU - Jha, Somesh
AU - Livny, Miron
AU - McDaniel, Patrick D.
N1 - Copyright:
Copyright 2021 Elsevier B.V., All rights reserved.
PY - 2004
Y1 - 2004
N2 - A major hurdle in sharing resources between organizations is heterogeneity. Therefore, in order for two organizations to collaborate, their policies have to be resolved. The process of resolving different policies is known as policy reconciliation, which in general is an intractable problem. This paper addresses policy reconciliation in the context of security. We present a formal framework and hierarchical representation for security policies. Our hierarchical representation exposes the structure of the policies and leads to an efficient reconciliation algorithm. We also demonstrate that agent preferences for security mechanisms can be readily incorporated into our framework. We have implemented our reconciliation algorithm in a library called the Policy Reconciliation Engine or PRE. In order to test the implementation and measure the overhead of our reconciliation algorithm, we have integrated PRE into a distributed high-throughput system called Condor.
UR - http://www.scopus.com/inward/record.url?scp=11244319622&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=11244319622&partnerID=8YFLogxK
U2 - 10.1016/j.aquaculture.2004.09.014
DO - 10.1016/j.aquaculture.2004.09.014
M3 - Conference contribution
AN - SCOPUS:11244319622
SN - 076952141X
SN - 9780769521411
T3 - Proceedings - Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2004
SP - 137
EP - 146
BT - Proceedings - Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2004
PB - IEEE Computer Society
T2 - Proceedings - Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2004
Y2 - 7 June 2004 through 9 June 2004
ER -