Semantic web technologies to aid dominance detection for access control policies

Jason Barron; Steven Davy

Semantic web technologies to aid dominance detection for access control policies

Jason Barron, Steven Davy

Department of Computing and Mathematics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

We present a dominance detection algorithm as part of a policy authoring process that makes extensive use of semantic models to perform a novel dominance detection of access control policies, where groups of deployed policies are considered in unison to discover redundancy. The approach is targeted towards the pre-deployment stage of the policy authoring process and aims to help prevent the introduction of redundant policies into the system. To achieve this, semantic queries are executed over instances of new and deployed policy elements in order to select matching elements for further analysis. The semantic queries may return a large number of deployed policy elements so we present an algorithm that prunes the search space to reduce the problem size. We show that for large sets of deployed policies, we can discover relatively large sets that are considered dominant.

Original language	English
Title of host publication	Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Pages	780-783
Number of pages	4
Publication status	Published - 2013
Event	2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 - Ghent, Belgium Duration: 27 May 2013 → 31 May 2013

Publication series

Name	Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013

Conference

Conference	2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Country/Territory	Belgium
City	Ghent
Period	27/05/2013 → 31/05/2013

Cite this

@inproceedings{20b5d8b185544bbaaa3f1b2c6fc5e4d4,

title = "Semantic web technologies to aid dominance detection for access control policies",

abstract = "We present a dominance detection algorithm as part of a policy authoring process that makes extensive use of semantic models to perform a novel dominance detection of access control policies, where groups of deployed policies are considered in unison to discover redundancy. The approach is targeted towards the pre-deployment stage of the policy authoring process and aims to help prevent the introduction of redundant policies into the system. To achieve this, semantic queries are executed over instances of new and deployed policy elements in order to select matching elements for further analysis. The semantic queries may return a large number of deployed policy elements so we present an algorithm that prunes the search space to reduce the problem size. We show that for large sets of deployed policies, we can discover relatively large sets that are considered dominant.",

author = "Jason Barron and Steven Davy",

year = "2013",

language = "English",

isbn = "9783901882517",

series = "Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013",

pages = "780--783",

booktitle = "Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013",

note = "null ; Conference date: 27-05-2013 Through 31-05-2013",

}

Barron, J & Davy, S 2013, Semantic web technologies to aid dominance detection for access control policies. in Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013., 6573077, Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013, pp. 780-783, 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013, Ghent, Belgium, 27/05/2013.

Semantic web technologies to aid dominance detection for access control policies. / Barron, Jason; Davy, Steven.

Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013. 2013. p. 780-783 6573077 (Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Semantic web technologies to aid dominance detection for access control policies

AU - Barron, Jason

AU - Davy, Steven

PY - 2013

Y1 - 2013

N2 - We present a dominance detection algorithm as part of a policy authoring process that makes extensive use of semantic models to perform a novel dominance detection of access control policies, where groups of deployed policies are considered in unison to discover redundancy. The approach is targeted towards the pre-deployment stage of the policy authoring process and aims to help prevent the introduction of redundant policies into the system. To achieve this, semantic queries are executed over instances of new and deployed policy elements in order to select matching elements for further analysis. The semantic queries may return a large number of deployed policy elements so we present an algorithm that prunes the search space to reduce the problem size. We show that for large sets of deployed policies, we can discover relatively large sets that are considered dominant.

AB - We present a dominance detection algorithm as part of a policy authoring process that makes extensive use of semantic models to perform a novel dominance detection of access control policies, where groups of deployed policies are considered in unison to discover redundancy. The approach is targeted towards the pre-deployment stage of the policy authoring process and aims to help prevent the introduction of redundant policies into the system. To achieve this, semantic queries are executed over instances of new and deployed policy elements in order to select matching elements for further analysis. The semantic queries may return a large number of deployed policy elements so we present an algorithm that prunes the search space to reduce the problem size. We show that for large sets of deployed policies, we can discover relatively large sets that are considered dominant.

UR - http://www.scopus.com/inward/record.url?scp=84883468637&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84883468637

SN - 9783901882517

T3 - Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013

SP - 780

EP - 783

BT - Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013

Y2 - 27 May 2013 through 31 May 2013

ER -

Semantic web technologies to aid dominance detection for access control policies

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this