Title :
Efficient Policy Checking across Administrative Domains
Author :
Evans, David ; Eyers, David M.
Author_Institution :
Comput. Lab., Univ. of Cambridge, Cambridge, UK
Abstract :
Information flow control provides formal techniques for specifying policies that dictate what data may flow where, and for ensuring compliance with those policies. In event-based systems, this amounts to deciding whether a particular event should be delivered to a recipient and what parts of that event the recipient should be allowed to see. This is usually effected through labels that identify the privileges required for access to, and the integrity of, parts of events. Within an organisation, agreement on the meanings of these labels can be reached by flat. However, when multiple organisations are involved, interpretation of these labels is tied up with the data usage agreements defining how the organisations interact. We provide a means to link inter- and intra-organisation information flow control, using the same mechanism for each when checking policy compliance. Event producers are insulated from concerns about whether event receivers are within their organisation or outside it.
Keywords :
data flow computing; formal specification; organisational aspects; administrative domains; data usage agreement; efficient policy checking; event-based system; formal techniques; inter-organisation information flow control; intra-organisation information flow control; policy compliance; policy specification; Calculus; Engines; Logic gates; Middleware; Receivers; Security; Subscriptions;
Conference_Titel :
Policies for Distributed Systems and Networks (POLICY), 2010 IEEE International Symposium on
Conference_Location :
Fairfax, VA
Print_ISBN :
978-1-4244-8206-1
Electronic_ISBN :
978-0-7695-4238-6
DOI :
10.1109/POLICY.2010.36
