On context in authorization policy
Proceedings of the eighth ACM symposium on Access control models and technologies
Resolving constraint conflicts
Proceedings of the ninth ACM symposium on Access control models and technologies
Using certified policies to regulate E-commerce transactions
ACM Transactions on Internet Technology (TOIT)
Attribute-based encryption for fine-grained access control of encrypted data
Proceedings of the 13th ACM conference on Computer and communications security
Guest Editorial: From intrusion detection to self-protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Graph-theoretic method for merging security system specifications
Information Sciences: an International Journal
Enforcing provisioning and authorization policy in the Antigone system
Journal of Computer Security
Partial and Fuzzy Constraint Satisfaction to Support Coalition Formation
Electronic Notes in Theoretical Computer Science (ENTCS)
Protecting users from "themselves"
Proceedings of the 2007 ACM workshop on Computer security architecture
Achieving secure, scalable, and fine-grained data access control in cloud computing
INFOCOM'10 Proceedings of the 29th conference on Information communications
Semantically rich application-centric security in Android
Security and Communication Networks
Decentralized governance of distributed systems via interaction control
Logic Programs, Norms and Action
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
A security policy is a means by which participant session requirements are specified. However, existing frameworks provide limited facilities for the automatereconciliation of participant policies. This paper considers the limits and methods of reconciliation in a general-purpose policy model. We identify an algorithm for efficient two-policy reconciliation, and show that, in the worst-case, reconciliation of three or more policies is intractable. Further, we suggest efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the policy model, we describe the design and implementation of the Ismene policy language. The expressiveness of Ismene, and indirectly of our model, is demonstrated through the representation and exposition of policies supported by existing policy languages. We conclude with brief notes on the integration and enforcement of Ismene policy within the Antigone communication system.