Security policy reconciliation in distributed computing environments

Author

Wang, Hao ; Jha, Somesh ; Livny, Miron ; McDaniel, Patrick D.

Author_Institution

Dept. of Comput. Sci., Wisconsin Univ., Madison, WI, USA

fYear

2004

fDate

7-9 June 2004

Firstpage

137

Lastpage

146

Abstract

A major hurdle in sharing resources between organizations is heterogeneity. Therefore, in order for two organizations to collaborate their policies have to be resolved. The process of resolving different policies is known as policy reconciliation, which in general is an intractable problem. This paper addresses policy reconciliation in the context of security. We present a formal framework and hierarchical representation for security policies. Our hierarchical representation exposes the structure of the policies and leads to an efficient reconciliation algorithm. We also demonstrate that agent preferences for security mechanisms can be readily incorporated into our framework. We have implemented our reconciliation algorithm in a library called the policy reconciliation engine or PRE. In order to test the implementation and measure the overhead of our reconciliation algorithm, we have integrated PRE into a distributed high-throughput system called Condor.

Keywords

distributed algorithms; distributed object management; formal specification; resource allocation; security of data; Condor; agent preferences; distributed computing environments; distributed high-throughput system; formal framework; hierarchical representation; policy reconciliation engine; reconciliation algorithm; resource sharing; security mechanisms; security policy reconciliation; Bridges; Collaboration; Contracts; Distributed computing; Engines; Government; Lead; Libraries; Security; System testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE International Workshop on

Print_ISBN

0-7695-2141-X

Type

conf

DOI

10.1109/POLICY.2004.1309160

Filename

1309160