Defeasible security policy composition for web services

Adam J. Lee, Jodie P. Boyer, Lars E. Olson, Carl A. Gunter

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The ability to automatically compose security policies created by multiple organizations is fundamental to the development of scalable security systems. The diversity of policies leads to conflicts and the need to resolve priorities between rules. In this paper we explore the concept of defeasible policy composition, wherein policies are represented in defeasible logic and composition is based on rules for non-monotonic inference. This enables policy writers to assert rules tentatively; when policies are composed the policy with the firmest position takes precedence. In addition, the structure of our policies allows for composition to occur using a single operator; this allows for entirely automated composition. We argue that this provides a practical system that can be understood by typical policy writers, analyzed rigorously by theoreticians, and efficiently automated by computers. We aim to partially validate these claims here with a formulation of defeasible policy composition for web services, an emerging foundation for B2B commerce on the World Wide Web.

Original languageEnglish (US)
Title of host publicationProceedings of the Fourth ACM Workshop on Formal Methods in Security Engineering, FMSE'06. A workshop held in conjuction with the 13th ACM Conference on Computer and Communications Security, CCS'06
Pages45-54
Number of pages10
DOIs
StatePublished - Dec 1 2006
Event4th ACM Workshop on Formal Methods in Security Engineering, FMSE'06. A workshop held in conjuction with the 13th ACM Conference on Computer and Communications Security, CCS'06 - Alexandria, VA, United States
Duration: Nov 3 2006Nov 3 2006

Publication series

NameProceedings of the Fourth ACM Workshop on Formal Methods in Security Engineering, FMSE'06. A workshop held in conjuction with the 13th ACM Conference on Computer and Communications Security, CCS'06

Other

Other4th ACM Workshop on Formal Methods in Security Engineering, FMSE'06. A workshop held in conjuction with the 13th ACM Conference on Computer and Communications Security, CCS'06
CountryUnited States
CityAlexandria, VA
Period11/3/0611/3/06

    Fingerprint

Keywords

  • Defeasible logic
  • Security policy composition
  • Web services

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Cite this

Lee, A. J., Boyer, J. P., Olson, L. E., & Gunter, C. A. (2006). Defeasible security policy composition for web services. In Proceedings of the Fourth ACM Workshop on Formal Methods in Security Engineering, FMSE'06. A workshop held in conjuction with the 13th ACM Conference on Computer and Communications Security, CCS'06 (pp. 45-54). (Proceedings of the Fourth ACM Workshop on Formal Methods in Security Engineering, FMSE'06. A workshop held in conjuction with the 13th ACM Conference on Computer and Communications Security, CCS'06). https://doi.org/10.1145/1180337.1180342