Semantic web technologies to aid dominance detection for access control policies

Author

Barron, Jonathan ; Davy, Steven

Author_Institution

Telecommun. Software & Syst. Group, Waterford Inst. of Technol., Waterford, Ireland

fYear

2013

fDate

27-31 May 2013

Firstpage

780

Lastpage

783

Abstract

We present a dominance detection algorithm as part of a policy authoring process that makes extensive use of semantic models to perform a novel dominance detection of access control policies, where groups of deployed policies are considered in unison to discover redundancy. The approach is targeted towards the pre-deployment stage of the policy authoring process and aims to help prevent the introduction of redundant policies into the system. To achieve this, semantic queries are executed over instances of new and deployed policy elements in order to select matching elements for further analysis. The semantic queries may return a large number of deployed policy elements so we present an algorithm that prunes the search space to reduce the problem size. We show that for large sets of deployed policies, we can discover relatively large sets that are considered dominant.

Keywords

authorisation; query processing; redundancy; semantic Web; access control policies; dominance detection algorithm; matching element selection; policy authoring process predeployment stage; problem size reduction; redundant policies; search space; semantic Web technologies; semantic models; semantic query execution; Access control; Algorithm design and analysis; Computational modeling; Ontologies; Optimization; Redundancy; Semantics;

fLanguage

English

Publisher

ieee

Conference_Titel

Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on

Conference_Location

Ghent

Print_ISBN

978-1-4673-5229-1

Type

conf

Filename

6573077