Sciweavers

CCS
2006
ACM

Defeasible security policy composition for web services

14 years 3 months ago
Defeasible security policy composition for web services
The ability to automatically compose security policies created by multiple organizations is fundamental to the development of scalable security systems. The diversity of policies leads to conflicts and the need to resolve priorities between rules. In this paper we explore the concept of defeasible policy composition, wherein policies are represented in defeasible logic and composition is based on rules for non-monotonic inference. This enables policy writers to assert rules tentatively; when policies are composed the policy with the firmest position takes precedence. In addition, the structure of our policies allows for composition to occur using a single operator; this allows for entirely automated composition. We argue that this provides a practical system that can be understood by typical policy writers, analyzed rigorously by theoreticians, and efficiently automated by computers. We aim to partially validate these claims here with a formulation of defeasible policy composition for...
Adam J. Lee, Jodie P. Boyer, Lars E. Olson, Carl A
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where CCS
Authors Adam J. Lee, Jodie P. Boyer, Lars E. Olson, Carl A. Gunter
Comments (0)