Automated policy combination for secure data sharing in cross-organizational collaborations

Li Duan*, Yang Zhang, Shiping Chen, Shuai Zhao, Shiyao Wang, Dongxi Liu, Ren Ping Liu, Bo Cheng, Junliang Chen

*Corresponding author for this work

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

During business collaborations, multiple participating organizations often need to share data for common interests. In such cases, it is necessary to combine local policies from different organizations into a global one in order to manage access to the shared data. However, local policies of organizations may be different or even conflicting, due to diverse rules and rule combining algorithms chosen. Few existing methods for policy combination are able to automatically combine multiple local policies into a global one. In this paper, we propose a bottom-up approach to address the issues of multiple policy combinations. The key idea is to first classify the rules based on attribute constraints in each policy, and then reduce the rules of the corresponding classes to one with the same attribute constraints. The reduced rules are then combined into a new global policy by choosing the appropriate rule combining algorithm in XACML. The latter ensures compliance with each of the local policies at syntax and semantic levels. To validate our approach, we develop a proof-of-concept implementation of the automated policy combination. Experimental results demonstrate that our approach is highly scalable and supports a number of attribute constraints in each local policy.

Original languageEnglish
Article number7500055
Pages (from-to)3454-3468
Number of pages15
JournalIEEE Access
Volume4
DOIs
Publication statusPublished - 27 Jun 2016
Externally publishedYes

Keywords

  • XACML
  • collaboration
  • data sharing
  • policy combination
  • access control policy

Fingerprint Dive into the research topics of 'Automated policy combination for secure data sharing in cross-organizational collaborations'. Together they form a unique fingerprint.

Cite this