No abstract
Collaborative and distributed applications, such as dynamic coalitions and virtualized grid computing, often require integrating access control policies of collaborating parties. Such an integration must be able to support complex authorization specifications and the fine-grained integration requirements that the various parties may have. In this paper, we introduce an algebra for fine-grained integration of sophisticated policies. The algebra is able to support the specification of a large variety of integration constraints. To assess the expressive power of our algebra, we prove its completeness and minimality. We then propose a framework that uses the algebra for the fine-grained integration of policies expressed in XACML. We also present a methodology for generating the actual integrated XACML policy, based on the notion of Multi-Terminal Binary Decision Diagrams.
Policy integration and inter-operation is often a crucial requirement when parties with different access control policies need to participate in collaborative applications and coalitions. Such requirement is even more difficult to address for dynamic large-scale collaborations, in which the number of access control policies to analyze and compare can be quite large. An important step in policy integration and inter-operation is to analyze the similarity of policies. Policy similarity can sometimes also be a pre-condition for establishing a collaboration, in that a party may enter a collaboration with another party only if the policies enforced by the other party match or are very close to its own policies. Existing approaches to the problem of analyzing and comparing access control policies are very limited, in that they only deal with some special cases. By recognizing that a suitable approach to the policy analysis and comparison requires combining different approaches, we propose in this paper a comprehensive environment-EXAM. The environment supports various types of analysis query, which we categorize in the paper. A key component of such environment, on which we focus in the paper, is the policy analyzer able to perform several types of analysis. Specifically, our policy analyzer combines the advantages of existing MTBDD-based and SAT-solver-based techniques. Our experimental results, also reported in the paper, demonstrate the efficiency of our analyzer.
Recent collaborative applications and enterprises very often need to efficiently integrate their access control policies. An important step in policy integration is to analyze the similarity of policies. Existing approaches to policy similarity analysis are mainly based on logical reasoning and boolean function comparison. Such approaches are computationally expensive and do not scale well for large heterogeneous distributed environments (like Grid computing systems). In this paper, we propose a policy similarity measure as a filter phase for policy similarity analysis. This measure provides a lightweight approach to pre-compile a large amount of policies and only return the most similar policies for further evaluation. In the paper we formally define the measure, by taking into account both the case of categorical attributes and numeric attributes. Detailed algorithms are presented for the similarly computation. Results of our case study demonstrates the efficiency and practical value of our approach.
With the advances in web service techniques, new collaborative applications have emerged like supply chain arrangements and coalition in government agencies. In such applications, the collaborating parties are responsible for managing and protecting resources entrusted to them. Access control decisions thus become a collaborative activity in which a global policy must be enforced by a set of collaborating parties without compromising the autonomy or confidentiality requirements of these parties. Unfortunately, none of the conventional access control systems meets these new requirements. To support collaborative access control, in this paper, we propose a novel policy-based access control model. Our main idea is based on the notion of policy decomposition and we propose an extension to the reference architecture for XACML. We present algorithms for decomposing a global policy and efficiently evaluating requests.
The Asian rice gall midge, Orseolia oryzae (Wood‐Mason) (Diptera: Cecidomyiidae), is a major pest of rice [Oryza sativa L. (Poaceae)] in India. Breeding resistant varieties and their cultivation has been the main approach to manage this pest. However, the breakdown of resistance conferred by the major genes, deployed one at a time, through evolution of virulent biotypes has become a major setback to this approach. Development of polymerase chain reaction‐based molecular markers for eight of the 10 resistance genes and their possible use in marker‐assisted selection has enabled breeders to pyramid resistance genes for achieving durable resistance. However, the choice of resistance genes needs to be made with a better understanding of the virulence composition of the pest populations in the target area and the genetics of plant resistance and insect virulence, as the rice–gall midge interaction is a gene‐for‐gene one. We adopted a single‐female test and coupled it with a modified F2 screen test to note the virulence composition of gall midge populations and estimated the frequency of virulence alleles for adaptation at three pest endemic locations in India, namely, Warangal, Ragolu, and Raipur. Results on biotype composition showed heterogeneous pest populations in all the tests and at all the locations. Tests at Warangal repeated after 8 years showed a rapid increase in frequency of the virulence allele conferring adaptation to the plant resistance gene Gm2 as compared to that of the allele for adaptation to the resistance gene Gm1. This is probably the first direct measurement of a durability parameter of plant genes conferring insect resistance. Results supported earlier observations that sex‐linked virulence against Gm2 makes it less durable. The sex ratio did not deviate from the expected 1:1 ratio at Warangal, but at Ragolu females outnumbered males.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.