Conflict Detection in Security Policies using Semantic Web Technology

Abstract

The design of efficient and effective techniques for security policy analysis is a crucial open problem in modern information systems. Significant attention has been dedicated in the past to the use of logical tools for the analysis of security policies, but this work has produced a limited impact on enterprise information systems. Important reasons of the limited success of past research were the difficult integration of these approaches with the technological scenario and the limited scalability of many proposals. Nowadays Semantic Web tools are increasingly used in modern information systems. We show how the tools provided by Semantic Web and ontology management technologies offer an adequate basis for the realization of techniques able to support conflict analysis in security policies. Based on the use of these techniques, we propose a solution for two different variants of conflict analysis: (a) Policy Incompatibility, and (b) Separation of Duty Satisfiability. Experiments that test the techniques on large security policies demonstrate the scalability of the approach.