16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana

Policy Mediation for Multi-Enterprise Environments

Pablo Galiasso, Oliver Bremer, John Hale & Sujeet Shenoi
University of Tulsa

Existing software infrastructures and middleware provide uniform security services across heterogeneous information networks. However, few, if any, tools exist that support access control policy management for and between large enterprise information networks. Insiders often exploit gaps in policies to mount devastating attacks. This paper presents a Policy Machine and a Policy Mediation Architecture for coordinating diverse policies in large information networks. The language-based approach adopted by each of these technologies permits validation of local and global access control policies with static analysis and other formal techniques. Together, the Policy Machine and Policy Mediation Architecture comprise an effective system for closing policy gaps in multi-enterprise environments.
