Methods and limitations of security policy reconciliation
- 1 August 2006
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Information and System Security
- Vol. 9 (3), 259-291
- https://doi.org/10.1145/1178618.1178620
Abstract
A security policy specifies session participant requirements. However, existing frameworks provide limited facilities for the automated reconciliation of participant policies. This paper considers the limits and methods of reconciliation in a general-purpose policy model. We identify an algorithm for efficient two-policy reconciliation and show that, in the worst-case, reconciliation of three or more policies is intractable. Further, we suggest efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the policy model, we describe the design and implementation of the Ismene policy language. The expressiveness of Ismene, and indirectly of our model, is demonstrated through the representation and exposition of policies supported by existing policy languages. We conclude with brief notes on the integration and enforcement of Ismene policy within the Antigone communication system.Keywords
This publication has 12 references indexed in Scilit:
- Beyond proof-of-compliance: security analysis in trust managementJournal of the ACM, 2005
- The COPS (Common Open Policy Service) Protocol2000
- The KeyNote Trust-Management System Version 21999
- CoyoteACM Transactions on Computer Systems, 1998
- The Internet Key Exchange (IKE)1998
- Security Architecture for the Internet Protocol1998
- Configuration management for highly customisable softwareIEE Proceedings - Software, 1998
- Kerberos: an authentication service for computer networksIEEE Communications Magazine, 1994
- The x-Kernel: an architecture for implementing network protocolsIEEE Transactions on Software Engineering, 1991
- New directions in cryptographyIEEE Transactions on Information Theory, 1976