Abstract
Modern paradigms for building distributed systems allow an easy separation of business logic and security concerns. The latter can be efficiently managed with the use of a security policy. The security policy consists of rules controlling interactions between system components, including access restrictions, communication protection, etc. However, due to the compound structure of modern distributed systems, the policy often suffers from inconsistencies (conflicts) which gravely degrade the efficiency of policy execution. In such policies, the main difficulty of conflict discovery and resolution lies in dealing with complex rule elements (such as user roles or service groups). An universal and efficient algorithm for discovering policy conflicts is proposed and discussed.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Abassi, R., Fatmi, S.G.E.: Dealing with Multi Security Policies in Communication Networks. In: 5th International Conference on Networking and Services ICNS, pp. 282–287 (2009)
Al-Shaer, E., Hamed, H.: Modeling and Management of Firewall Policies. IEEE Transactions on Network and Service Management 1, 2–10 (2004)
Baboescu, F., Varghese, G.: Fast and scalable conflict detection for packet classifiers. In: 10th IEEE International Conference on Network Protocols, pp. 270–279. IEEE Comput. Soc. (2002)
Brodecki, B., Brzeziski, J., Sasak, P., Szychowiak, M.: ModCon algorithm for discovering security policy conflicts. In: 6th Joint Workshop on Information Security – JWIS 2011 (2011)
Brodecki, B., Szychowiak, M.: Conflict discovery algorithms used in ORCA. Tech. Rep. TR-ITSOA-OB8-4-PR-11-03, Poznan University of Technology (2011)
Craven, R., Lobo, J., Lupu, E., Russo, A., Sloman, M., Bandara, A.: A Formal Framework for Policy Analysis. Tech. Rep. DTR-2008/5, Department of Computing, Imperial College London (2008)
Lupu, E., Sloman, M.: Conflicts in policy-based distributed systems management. IEEE Transactions on Software Engineering 25, 852–869 (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brodecki, B., Brzeziński, J., Sasak, P., Szychowiak, M. (2012). Consistency Maintenance of Modern Security Policies. In: Thilagam, P.S., Pais, A.R., Chandrasekaran, K., Balakrishnan, N. (eds) Advanced Computing, Networking and Security. ADCONS 2011. Lecture Notes in Computer Science, vol 7135. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29280-4_55
Download citation
DOI: https://doi.org/10.1007/978-3-642-29280-4_55
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29279-8
Online ISBN: 978-3-642-29280-4
eBook Packages: Computer ScienceComputer Science (R0)