Adjustable Autonomy for Cross-Domain Entitlement Decisions
Citation:
Jacob Beal, Jonathan Webb, Michael Atighetchi
Adjustable Autonomy for Cross-Domain Entitlement
Decisions.
The 3rd Workshop on Artificial Intelligence and Security as part of ACM CCS, Chicago, October 2010
Formats: Abstract:
Paper [PDF]
Slides [PDF]
Cross-domain information exchange is a growing problem, as
business and governmental organizations increasingly need
to integrate their information systems with those of partially
trusted partners. Current identity management and
access control technologies operate only within a specific domain
and are unable to scale to the asymmetric, heterogeneously
administered, and highly restrictive security policies
of cross-domain environments. We approach the problem as
one of adjustable autonomy, in which the human administrator
needs to encode policy intent in a way that allows
routine decisions about policy interactions to be safely delegated
to the machine. In this paper, we present work toward
such a system, combining a lattice representation of access
control decisions and client attributes with search through a
space of cross-domain mapping relations. This combination
enables a policy resolution algorithm that resolves routine
policy interactions while flagging potential conflicts for attention
from a human administrator.
