Graph-theoretic method for merging security system specifications

Authors:
Guoli Ding;Jianhua Chen;R. F. Lax;Peter P. Chen
Affiliations:
Department of Mathematics, Louisiana State University, Baton Rouge, LA 70803, United States;Department of Computer Science, 298 Coates Hall, Louisiana State University, Baton Rouge, LA 70803, United States;Department of Mathematics, Louisiana State University, Baton Rouge, LA 70803, United States;Department of Computer Science, 298 Coates Hall, Louisiana State University, Baton Rouge, LA 70803, United States
Venue:
Information Sciences: an International Journal
Year:
2007

Citing 9
Cited 4

The entity-relationship model—toward a unified view of data

ACM Transactions on Database Systems (TODS) - Special issue: papers from the international conference on very large data bases: September 22–24, 1975, Framingham, MA
Identifying approximately common substructures in trees based on a restricted edit distance

Information Sciences: an International Journal
A graph-based formalism for RBAC

ACM Transactions on Information and System Security (TISSEC)
Methods and Limitations of Security Policy Reconciliation

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Catalog Integration for Electronic Commerce through Category-Hierarchy Merging Technique

RIDE '02 Proceedings of the 12th International Workshop on Research Issues in Data Engineering: Engineering E-Commerce/E-Business Systems (RIDE'02)
Administrative scope in the graph-based framework

Proceedings of the ninth ACM symposium on Access control models and technologies
Security Policy Reconciliation in Distributed Computing Environments

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Ontology-based concept similarity in Formal Concept Analysis

Information Sciences: an International Journal
Unauthorized inferences in semistructured databases

Information Sciences: an International Journal

Securing provenance

HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
A Consensus-Based Integration Method for Security Rules

KES '09 Proceedings of the 13th International Conference on Knowledge-Based and Intelligent Information and Engineering Systems: Part I
Flexible secure inter-domain interoperability through attribute conversion

Information Sciences: an International Journal
Supporting velocity of investigation with behavior analysis of malware

Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research

Quantified Score

Hi-index	0.07

Visualization

Abstract

Computer security policies specify conditions for permissions to access various computer resources and information. Merging two security policies is needed when two organizations, together with their computer systems, merge into one entity as in corporate business acquisition. We propose a graph-theoretic method for merging the role/object hierarchies of two security policies. The formulation of merged hierachies is based on the graph minor relation in graph theory. Ideally, the merged role hierarchy should contain both the participating role hierarchies as graph minors, and similarly for the object hierarchy. We show that one can decide in polynomial time whether this ideal case is possible when the participating hierarchies are trees. We also show that in case the merged hierarchy exists, it can be constructed in polynomial time. Algorithms for detecting the feasibility of an ideal merged tree and for constructing the merged tree are presented. Our hierarchy/tree merge method is also applicable to the integration of heterogeneous databases with generalization hierarchies.