Security Policy Reconciliation in Distributed Computing Environments
A major hurdle in sharing resources between organizations is
heterogeneity. Therefore, in order for two organizations to
collaborate, their policies have to be resolved. The process of
resolving different policies is known as policy reconciliation, which
in general is an intractable problem. This paper addresses policy
reconciliation in the context of security. We present a formal
framework and hierarchical representation for security policies. Our
hierarchical representation exposes the structure of the policies and
leads to an efficient reconciliation algorithm. We also demonstrate
that agent preferences for security mechanisms can be readily
incorporated into our framework. We have implemented our
reconciliation algorithm in a library called the Policy Reconciliation
Engine, or PRE. In order to test the implementation and measure the
overhead of our reconciliation algorithm, we have integrated PRE into
a distributed high-throughput system called Condor.
Somesh Jha
Last modified: Mon Mar 29 15:28:24 CST 2004