The Center for Education and Research in Information Assurance and Security (CERIAS)

An Approach to Evaluate Policy Similarity

Author

Dan Lin, Prathima Rao, Elisa Bertino, Jorge Lobo

Entry type

conference

Abstract

Recent collaborative applications and enterprises very often need to efficiently integrate their access control policies. An important step in policy integration is to analyze the similarity of policies. Existing approaches to policy similarity analysis are mainly based on logical reasoning and boolean function comparison. Such approaches are computationally expensive and do not scale well for large heterogeneous distributed environments (like Grid computing systems). In this paper, we propose a policy similarity measure as a filter phase for policy similarity analysis. This measure provides a lightweight approach to pre-compile a large number of policies and only return the most similar policies for further evaluation. In the paper we formally define the measure, by taking into account both the case of categorical attributes and numeric attributes. Detailed algorithms are presented for the similarity computation. Results of our case study demonstrate the efficiency and practical value of our approach.

Date

2007-06-20

Address

2 Penn Plaza, Suite 701 New York, New York 10121-0701

Journal

Proceedings of the 12th ACM Symposium on Access Control Models and Technologies

Key alpha

policysimilarity

Pages

1-10

Publisher

The Association for Computing Machinery

Affiliation

Department of Computer Science, Purdue University; IBM T.J. Watson Research Center

Publication Date

2007-06-20

Isbn

978-1-59593-745-2

Keywords

Policy similarity measure, XACML policies, Access control policies

Language

English

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.