• DocumentCode
    1633260
  • Title

    Methods and limitations of security policy reconciliation

  • Author

    McDaniel, P. ; Prakash, Atul

  • fYear
    2002
  • fDate
    6/24/1905 12:00:00 AM
  • Firstpage
    73
  • Lastpage
    87
  • Abstract
    A security policy is a means by which participant session requirements are specified. However, existing frameworks provide limited facilities for the automated reconciliation of participant policies. This paper considers the limits and methods of reconciliation in a general-purpose policy model. We identify an algorithm for efficient two-policy reconciliation, and show that, in the worst case, reconciliation of three or more policies is intractable. Further, we suggest efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the policy model, we describe the design and implementation of the Ismene policy language. The expressiveness of Ismene, and indirectly of our model, is demonstrated through the representation and exposition of policies supported by existing policy languages. We conclude with brief notes on the integration and enforcement of Ismene policy within the Antigone communication system.
  • Keywords
    Internet; security of data; telecommunication security; Antigone communication system; Ismene policy language; efficient two-policy reconciliation; heuristics; participant session requirements; security policy reconciliation; Privacy; Security;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on
  • ISSN
    1081-6011
  • Print_ISBN
    0-7695-1543-6
  • Type

    conf

  • DOI
    10.1109/SECPRI.2002.1004363
  • Filename
    1004363