Introduction to mathematical logic (3rd ed.)
Introduction to mathematical logic (3rd ed.)
The X-Kernel: An Architecture for Implementing Network Protocols
IEEE Transactions on Software Engineering
Coyote: a system for constructing fine-grain configurable communication services
ACM Transactions on Computer Systems (TOCS)
Building reliable, high-performance communication systems from components
Proceedings of the seventeenth ACM symposium on Operating systems principles
Computers and Intractability: A Guide to the Theory of NP-Completeness
Computers and Intractability: A Guide to the Theory of NP-Completeness
Secret-Key Agreement without Public-Key Cryptography
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
The complexity of satisfiability problems
STOC '78 Proceedings of the tenth annual ACM symposium on Theory of computing
The complexity of theorem-proving procedures
STOC '71 Proceedings of the third annual ACM symposium on Theory of computing
The Complexity and Composability of Secure Interoperation
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Analyzing consistency of security policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Policy management in secure group communication
Policy management in secure group communication
Security Policy Reconciliation in Distributed Computing Environments
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Antigone: a flexible framework for secure group communication
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A java beans component architecture for cryptographic protocols
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Verifying compliance of trusted programs
SS'08 Proceedings of the 17th conference on Security symposium
An algebra for fine-grained integration of XACML policies
Proceedings of the 14th ACM symposium on Access control models and technologies
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
Context-Aware Identity Management in Pervasive Ad-hoc Environments
International Journal of Advanced Pervasive and Ubiquitous Computing
Using security policies to automate placement of network intrusion prevention
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Ensuring continuous compliance through reconciling policy with usage
Proceedings of the 18th ACM symposium on Access control models and technologies
Knowledge-Based Policy Conflict Analysis in Mobile Social Networks
Wireless Personal Communications: An International Journal
| Hi-index | 0.00 |
A security policy specifies session participant requirements. However, existing frameworks provide limited facilities for the automated reconciliation of participant policies. This paper considers the limits and methods of reconciliation in a general-purpose policy model. We identify an algorithm for efficient two-policy reconciliation and show that, in the worst-case, reconciliation of three or more policies is intractable. Further, we suggest efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the policy model, we describe the design and implementation of the Ismene policy language. The expressiveness of Ismene, and indirectly of our model, is demonstrated through the representation and exposition of policies supported by existing policy languages. We conclude with brief notes on the integration and enforcement of Ismene policy within the Antigone communication system.