Policy mediation for multi-enterprise environments

Author

Galiasso, P. ; Bremer, O. ; Hale, J. ; Shenoi, S. ; Ferraiola, D. ; Hu, V.

Author_Institution

Center for Inf. Security, Tulsa Univ., OK, USA

fYear

2000

fDate

36861

Firstpage

100

Lastpage

106

Abstract

Existing software infrastructures and middleware provide uniform security services across heterogeneous information networks. However few, if any, tools exist that support access control policy management for and between large enterprise information networks. Insiders often exploit gaps in policies to mount devastating attacks. This paper presents a Policy Machine and Policy Mediation Architecture for coordinating diverse policies in large information networks. The language-based approach adopted by each of these technologies permits local and global access control policy validation with static analysis and other formal techniques. Together the Policy Machine and Policy Mediation Architecture comprise an effective system for closing policy gaps in multi-enterprise environments

Keywords

authorisation; business data processing; information networks; software architecture; Policy Machine; Policy Mediation Architecture; access control policy management; formal techniques; heterogeneous information networks; large enterprise information networks; middleware; multi-enterprise environments; policy mediation; software infrastructures; static analysis; uniform security services; Access control; Authentication; Communication system security; Computer science; Databases; Fasteners; Information security; Mediation; Middleware; NIST;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference

Conference_Location

New Orleans, LA

Print_ISBN

0-7695-0859-6

Type

conf

DOI

10.1109/ACSAC.2000.898863

Filename

898863