An Approach to Evaluate Policy Similarity
Author
Dan Lin, Prathima Rao, Elisa Bertino, Jorge Lobo
Abstract
Recent collaborative applications and enterprises very often need to efficiently integrate their access control policies. An important step in policy integration is to analyze the similarity of policies. Existing approaches to policy similarity analysis are mainly based on logical reasoning and boolean function comparison. Such approaches are computationally expensive and do not scale well for large heterogeneous distributed environments (like Grid computing systems). In this paper, we propose a policy similarity measure as a filter phase for policy similarity analysis. This measure provides a
lightweight approach to pre-compile a large amount of policies and only return the most similar policies for further evaluation. In the paper we formally define the measure, by taking into account both the case of categorical attributes and numeric attributes. Detailed algorithms are presented for the similarly computation. Results of our case study demonstrates the efficiency and practical value of our approach.
Address
2 Penn Plaza, Suite 701
New York, New York 10121-0701
Journal
Proceedings of the 12th ACM Symposium on Access Control Models and Technologies
Key alpha
policysimilarity
Publisher
The Association for Computing Machinery
Affiliation
Department of Computer Science, Purdue University; IBM T.J. Watson Research Center
Publication Date
2007-06-20
Keywords
Policy similarity measure, XACML policies, Access control policies