Abstract
Complex interactions between two organizations, involving sensitive information and resources, require honoring each organization’s security policy. This implies making compatible and combining different sets of policy rules that were designed for different organizations and, therefore, for different subjects, actions, and objects, classified and organized in different manners. However, finding out which security policy emerges from the combination of all the organization-level policies and the higher-level interoperability policy is not an easy task. In this paper we provide a methodology based on Finite State Transducers to analyse this situation: modelling policy rules, mapping entities, combining them, and automatically generating an interoperability set of security policies.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Baliosian, J., Cavalli, A. (2015). An Abstraction for the Interoperability Analysis of Security Policies. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_30
DOI: https://doi.org/10.1007/978-3-319-25645-0_30
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25644-3
Online ISBN: 978-3-319-25645-0
eBook Packages: Computer Science, Computer Science (R0)