Pablo Galiasso, Oliver Bremer, John Hale & Sujeet Shenoi
University of Tulsa
USA

Existing software infrastructures and middleware provide uniform security services across heterogeneous information networks. However, few, if any, tools exist that support access control policy management for and between large enterprise information networks. Insiders often exploit gaps in policies to mount devastating attacks. This paper presents a Policy Machine and Policy Mediation Architecture for coordinating diverse policies in large information networks. The language-based approach adopted by each of these technologies permits local and global access control policies validation with static analysis and other formal techniques. Together, the Policy Machine and Policy Mediation Architecture comprise an effective system for closing policy gaps in multi-enterprise environments.

Read Paper (in PDF)