Davy, Steven and Jennings, Brendan and Strassner, John (2008) Application domain independent policy conflict analysis using information models. In: NOMS 2008 - IEEE/IFIP Network Operations and Management Symposium : Pervasive Management for Ubiquitous Networks and Services. NOMS 2008 - IEEE/IFIP Network Operations and Management Symposium: Pervasive Management for Ubiquitous Networks and Services . UNSPECIFIED, BRA, pp. 17-24. ISBN 9781424420667
Full text not available from this repository. (Request a copy)Abstract
A key part of the policy authoring process is analysis of the potential for newly created or modified policies to conflict with already deployed policies. We propose an approach for policy conflict analysis in which candidate policies (either newly created or modified) are analyzed on a pair-wise basis with already deployed policies, with potential conflicts between the policies being notified to the policy author. Central to the approach is a two-phase algorithm which, querying an information model, firstly determines the relationships between the pair of policies and, secondly, applies an application-specific conflict pattern to determine if the policies should be flagged as potentially conflicting. The algorithm is generic in the sense that all application specific information is encoded in the information model; as long as a minimal set of assumptions regarding the policy model are adhered to it can be applied in arbitrary application domains. In the paper we present the two phase algorithm and describe an implementation in which it is used to detect potential conflicts for both access control and filtering (firewall) policies.
Item Type: | Book Section |
---|---|
Uncontrolled Keywords: | /dk/atira/pure/subjectarea/asjc/1700/1705 |
Departments or Groups: | |
Depositing User: | Admin SSL |
Date Deposited: | 19 Oct 2022 23:17 |
Last Modified: | 15 Jul 2023 02:50 |
URI: | http://repository-testing.wit.ie/id/eprint/5126 |
Actions (login required)
View Item |