Ontology-based policy anomaly management for autonomic computing

Abstract

The advent of emerging computing technologies such as service-oriented architecture and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services. Moreover, designing and managing different types of policies collaboratively in such a computing environment are critical but often error prone due to the complex nature of policies as well as the lack of effective analysis mechanisms and corresponding tools. In particular, existing mechanisms and tools for policy management adopt different approaches for different types of policies. In this work, we propose a unified framework to facilitate collaborative policy analysis and management for different types of policies, focusing on policy anomaly detection and resolution. Our generic approach captures the common semantics and structure of different types of access control policies with the notion of policy ontology. We also discuss a proof-of-concept implementation of our proposed framework and demonstrate how efficiently our approach can discover and resolve anomalies for different types of policies. © 2011 ICST.