Adjustable autonomy for cross-domain entitlement decisions

Jacob Beal, Jonathan Webb, Michael Atighetchi
2010 Proceedings of the 3rd ACM workshop on Artificial intelligence and security - AISec '10  
Cross-domain information exchange is a growing problem, as business and governmental organizations increasingly need to integrate their information systems with those of partially trusted partners. Current identity management and access control technologies operate only within a specific domain and are unable to scale to the asymmetric, heterogeneously administered, and highly restrictive security policies of cross-domain environments. We approach the problem as one of adjustable autonomy, in
more » ... ich the human administrator needs to encode policy intent in a way that allows routine decisions about policy interactions to be safely delegated to the machine. In this paper, we present work toward such a system, combining a lattice representation of access control decisions and client attributes with search through a space of cross-domain mapping relations. This combination enables a policy resolution algorithm that resolves routine policy interactions while flagging potential conflicts for attention from a human administrator.
doi:10.1145/1866423.1866436 dblp:conf/ccs/BealWA10 fatcat:7ubbr3kdjjhyxlgyvpwtmg3snm