15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona

Security Policy Coordination for Heterogeneous Information Systems

John Hale, john-hale@utulsa.edu
Department of Computer Science
University of Tulsa
600 S College Ave
Tulsa, Oklahoma, 74104-3189

Pablo Galiasso, Mauricio Papa & Sujeet Shenoi
Washington State University

Keywords: information enclaves, authorization policy, access control, mediators

Coordinating security policies in information enclaves is challenging due to their heterogeneity and autonomy. Administrators must reconcile the semantic diversity of data and security models before negotiating secure interoperation. This paper proposes an architecture that uses mediators and a primitive ticket-based authorization model to manage disparate policies in loosely coupled information system federations. The formal foundation of the architecture facilitates static and dynamic analysis of global consistency and policy enforcement.