Privacy-aware policy matching

Security policies exchanged between applications are typically huge, complex and private. A server must publish these policies to permit any client that wants to use the service to match it with its own preferences and assess whether it complies with its security policy. This matching process consists of first verifying whether the client can access the service and then checks if the security policy of the server is compliant with the client´s privacy preferences. In this paper we propose a privacy-aware policy matching model, where security policies and user´s preferences are represented as binary vectors using bloom filter vectors. These vectors can be published by the server without any risk of disclosing its security policy. When the client wants to match this vector to its preferences vector it just compares the two binary arrays, without disclosing its policy. The binary comparison is also much faster and cost effective than parsing two XML files.