Comparing Rule-Based Policies

Author

Bonatti, P.A. ; Mogavero, F.

Author_Institution

Univ. di Napoli Federico II, Naples

fYear

2008

fDate

2-4 June 2008

Firstpage

11

Lastpage

18

Abstract

Policy comparison is useful for a variety of applications, including policy validation and policy-aware service selection. While policy comparison is somewhat natural for policy languages based on description logics, it becomes rather difficult for rule-based policies. When policies have recursive rules, the problem is in general undecidable. Still most policies require some form of recursion to model - say - subject and object hierarchies, and certificate chains. In this paper, we show how policies with recursion can be compared by adapting query optimization techniques developed for the relational algebra. We prove soundness and completeness of our method, discuss the compatibility of the restrictive assumptions we need w.r.t. our reference application scenarios, and report the results of a preliminary set of experiments to prove the practical applicability of our approach.

Keywords

recursive functions; relational algebra; description logics; policy comparison; policy languages; policy validation; policy-aware service selection; query optimization; recursive rules; relational algebra; rule-based policy; Algebra; Arithmetic; Authorization; Automata; Conferences; Logic functions; Network servers; Privacy; Query processing; Security; Datalog query containment; Policy comparison; Policy compliance; Policy verification; Policy-aware service selection; Rule-based policies;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2008. POLICY 2008. IEEE Workshop on

Conference_Location

Palisades, NY

Print_ISBN

978-0-7695-3133-5

Type

conf

DOI

10.1109/POLICY.2008.16

Filename

4556573