Abstract
This paper considers methods for knowledge exploitation in security policies for Service-Oriented Architecture (SOA) environments, discovering the modality conflicts in particular. Two algorithms for discovering SOA-specific modality conflicts are proposed. First, a trivial (ad-hoc) approach is presented and further extended by the improved algorithm which offers lower time complexity. The formal verification of the proposal is followed by experimental results confirming the expected supremacy of the improved algorithm.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Laskey, K., McCabe, F., Brown, P., MacKenzie, M. and Metz, R., “Reference model for Service Oriented Architecture,” OASIS Committee Draft 1.0, OASIS Open, 2006.
Lupu, E. and Sloman, M., “Conflicts in policy-based distributed systems management,” IEEE Transactions on Software Engineering, 25, pp. 852–869, September 1999.
Brodecki, B. and Sasak, P. and Szychowiak, M., “Security policy definition framework for SOA-based systems,” in 10th International Conference on Web Information Systems Engineering (WISE 2009) (Vossen, J. X. Y. G., Long, D. D. E. eds.), LNCS 5802, Springer-Verlag, pp. 589–596, 2009.
Baboescu, F. and Varghese, G., “Fast and scalable conflict detection for packet classifiers,” in 10th IEEE International Conference on Network Protocols., IEEE Comput. Soc., pp.270–279, 2002.
Abassi, R. and Fatmi, S.G.E., “Dealing with Multi Security Policies in Communication Networks,” in 5th International Conference on Networking and Services, IEEE, pp. 282–287, 2009.
Al-Shaer, E. and Hamed, H., “Modeling and Management of Firewall Policies,” IEEE Transactions on Network and Service Management, 1, 1, pp. 2–10, 2004.
Craven, R., Lobo, J., Lupu, E., Russo, A., Sloman, M. and Bandara, A., “A Formal Framework for Policy Analysis,” Technical Report DTR-2008/5, Department of Computing, Imperial College London, London, 2008.
Moffett, J. D. and Sloman, M., “Policy conflict analysis in distributed system management,” Journal of Organizational Computing, 4, pp. 1–22, 1994.
Dijkstra, E. W., “A Note on Two Problems in Connection with Graphs,” Numerical Mathematics, 1, pp. 269–271, 1959.
Tarjan, R. E. “Depth-first search and linear graph algorithms,” SIAM J. Comput., 1, 2, pp. 146–160, 1972.
Aspvall, B. and Plass, M. F. and Tarjan, R. E., “A linear-time algorithm for testing the truth of certain quantified boolean formulas,” Inf. Process. Lett., 8, 3, pp. 121–123, 1979.
She, W., Yen, I.L., Thuraisingham, B. and Bertino, E., “The scifc model for information flow control in web service composition,” in 2009 IEEE International Conference on Web Services (ICWS 2009), 2009.
Yildiz, U. and Godard, C., “Information flow control with decentralized service composition,” in 2009 IEEE International Conference on Web Services (ICWS 2009), 2007.
Author information
Authors and Affiliations
Corresponding author
About this article
Cite this article
Brodecki, B., Szychowiak, M. & Sasak, P. Security Policy Conflicts in Service-oriented Systems. New Gener. Comput. 30, 215–240 (2012). https://doi.org/10.1007/s00354-012-0206-8
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00354-012-0206-8