Automated policy combination for secure data sharing in cross-organizational collaborations

During business collaborations, multiple participating organizations often need to share data for common interests. In such cases, it is necessary to combine local policies from different organizations into a global one in order to manage access to the shared data. However, local policies of organizations may be different or even conflicting, due to diverse rules and rule combining algorithms chosen. Few existing methods for policy combination are able to automatically combine multiple local policies into a global one. In this paper, we propose a bottom-up approach to address the issues of multiple policy combinations. The key idea is to first classify the rules based on attribute constraints in each policy, and then reduce the rules of the corresponding classes to one with the same attribute constraints. The reduced rules are then combined into a new global policy by choosing the appropriate rule combining algorithm in XACML. The latter ensures compliance with each of the local policies at syntax and semantic levels. To validate our approach, we develop a proof-of-concept implementation of the automated policy combination. Experimental results demonstrate that our approach is highly scalable and supports a number of attribute constraints in each local policy.