An approach to evaluate policy similarity
Proceedings of the 12th ACM symposium on Access control models and technologies
The policy continuum-Policy authoring and conflict analysis
Computer Communications
UIC '08 Proceedings of the 5th international conference on Ubiquitous Intelligence and Computing
Formal analysis of policy-based self-adaptive systems
Proceedings of the 2010 ACM Symposium on Applied Computing
Usability challenges in security and privacy policy-authoring interfaces
INTERACT'07 Proceedings of the 11th IFIP TC 13 international conference on Human-computer interaction - Volume Part II
Data protection models for service provisioning in the cloud
Proceedings of the 15th ACM symposium on Access control models and technologies
Visualization for access control policy analysis results using multi-level grids
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Analysis of privacy and security policies
IBM Journal of Research and Development
Privacy-preserving similarity measurement for access control policies
Proceedings of the 6th ACM workshop on Digital identity management
Strategies for network resilience: capitalising on policies
AIMS'10 Proceedings of the Mechanisms for autonomous management of networks and services, and 4th international conference on Autonomous infrastructure, management and security
Anomaly discovery and resolution in web access control policies
Proceedings of the 16th ACM symposium on Access control models and technologies
Conditional privacy-aware role based access control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Hi-index | 0.00 |
It is not sufficient to merely check the syntax of new policies before they are deployed in a system; policies need to be analyzed for their interactions with each other and with their local environment. That is, policies need to go through a ratification process. We believe policy ratification becomes an essential part of system management as the number of policies in the system increases and as the system administration becomes more decentralized. In this paper, we focus on the basic tasks involved in policy ratification. To a large degree, these basic tasks can be performed independent of policy model and language and require little domain-specific knowledge. We present algorithms from constraint, linear, and logic programming disciplines to help perform ratification tasks. We provide an algorithm to efficiently assign priorities to the policies based on relative policy preferences indicated by policy administrators. Finally, with an example, we show how these algorithms have been integrated with our policy system to provide feedback to a policy administrator regarding potential interactions of policies with each other and with their deployment environment.