A Similarity Measure for Comparing XACML Policies

Author

Dan Lin, Missouri University of Science and TechnologyFollow
Prathima Rao
Rodolfo Ferrini
Elisa Bertino
Jorge Lobo

Abstract

Assessing similarity of policies is crucial in a variety of scenarios, such as finding the cloud service providers which satisfy users' privacy concerns or finding collaborators which have matching security and privacy settings. Existing approaches to policy similarity analysis are mainly based on logical reasoning and Boolean function comparison. Such approaches are computationally expensive and do not scale well for large heterogeneous distributed environments (like the cloud). In this paper, we propose a policy similarity measure as a lightweight ranking approach to help one party quickly locate parties with potentially similar policies. In particular, given a policy P, the similarity measure assigns a ranking (similarity score) to each policy compared with P. We formally define the measure by taking into account various factors and prove several important properties of the measure. Our extensive experimental study demonstrates the efficiency and practical value of our approach. © 1989-2012 IEEE.

Recommended Citation

D. Lin et al., "A Similarity Measure for Comparing XACML Policies," IEEE Transactions on Knowledge and Data Engineering, vol. 25, no. 9, pp. 1946 - 1959, article no. 6295615, Institute of Electrical and Electronics Engineers, Aug 2013.

The definitive version is available at https://doi.org/10.1109/TKDE.2012.174

Department(s)

Computer Science

Keywords and Phrases

Access controls; And protection; Integrity; Security

International Standard Serial Number (ISSN)

1041-4347

Document Type

Article - Journal

Document Version

Citation

File Type

text

Language(s)

English

Rights

© 2024 Institute of Electrical and Electronics Engineers, All rights reserved.

Publication Date

08 Aug 2013