Interdomain Policy Conflicts

In the upcoming ambient intelligence applications, services provided by heterogeneous and often mobile platforms are combined to build intelligent environments. As these mobile services are hosted within different administrative domains, equally respecting security policies of all services becomes a challenge and conflicts between the policies of different domains can occur. The paper proposes an approach to resolve conflicts between policies of different administrative domains at run time by means of metapolicies. The proposed metapolicy model allows policy administrators to define certain guarantees that must not be overwritten in any case, thereby acting as invariant security properties. It presents a use case example illustrating how the approach provides a resolution of crossdomain conflicts, describe the underlying policy model based on description logics (DLs), explain how access requests are decided and interdomain conflicts are handled, and discuss a proof-of-concept implementation of the approach.