DOI: 10.1145/1266840.1266842
Article

An approach to evaluate policy similarity

Published: 20 June 2007

ABSTRACT

Recent collaborative applications and enterprises very often need to efficiently integrate their access control policies. An important step in policy integration is to analyze the similarity of policies. Existing approaches to policy similarity analysis are mainly based on logical reasoning and boolean function comparison. Such approaches are computationally expensive and do not scale well for large heterogeneous distributed environments (like Grid computing systems). In this paper, we propose a policy similarity measure as a filter phase for policy similarity analysis. This measure provides a lightweight approach to pre-compile a large number of policies and return only the most similar policies for further evaluation. In the paper we formally define the measure, taking into account both the case of categorical attributes and that of numeric attributes. Detailed algorithms are presented for the similarity computation. Results of our case study demonstrate the efficiency and practical value of our approach.

Published in

SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies
June 2007
254 pages
ISBN: 9781595937452
DOI: 10.1145/1266840

Copyright © 2007 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Qualifiers: Article

Overall Acceptance Rate: 177 of 597 submissions, 30%
