Security Policy Reconciliation in Distributed Computing Environments

Abstract

A major hurdle in sharing resources between organizations is heterogeneity. Therefore, in order for two organizations to collaborate, their policies have to be resolved. The process of resolving different policies is known as policy reconciliation, which in general is an intractable problem. This paper addresses policy reconciliation in the context of security. We present a formal framework and hierarchical representation for security policies. Our hierarchical representation exposes the structure of the policies and leads to an efficient reconciliation algorithm. We also demonstrate that agent preferences for security mechanisms can be readily incorporated into our framework. We have implemented our reconciliation algorithm in a library called the Policy Reconciliation Engine, or PRE. In order to test the implementation and measure the overhead of our reconciliation algorithm, we have integrated PRE into a distributed high-throughput system called Condor.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2006
Accession Number: ADA449092

Entities

People

  • Hao Wang
  • Miron Livny
  • Patrick D. McDaniel
  • Somesh Jha

Organizations

  • University of Wisconsin Madison Department of Computer Science

Tags

Communities of Interest

  • C4I
  • Energy and Power Technologies
  • Human Systems

DTIC Thesaurus Topics

  • Algorithms
  • Authentication
  • Computer Access Control
  • Computer Programs
  • Computer Science
  • Computing System Architectures
  • Cryptography
  • Distributed Computing
  • Electronic Mail
  • Environment
  • Language
  • Law
  • Security
  • Security Protocols
  • Specifications
  • Systems Engineering
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Adaptive Control and Estimation with Uncertainty in Dynamic Systems.
  • Distributed Systems and Data Platform Development
  • Military and Counterinsurgency Studies.