An innovative simulation environment for cross-domain policy enforcement

Abstract

Listen

Translate article

With the development of policy management systems, policy-based management has been introduced in cross-domain organization collaborations and system integrations. Theoretically, cross-domain policy enforcement is possible, but in reality different systems from different organizations or domains have very different high-level policy representations and low-level enforcement mechanisms, such as security policies and privacy configurations. To ensure the compatibility and enforceability of one policy set in another domain, a simulation environment is needed prior to actual policy deployment and enforcement code development. In most cases, we have to manually write enforcement codes for all organizations or domains involved in every collaboration activity, which is a huge task. The goal of this paper is to propose an enforcement architecture and develop a simulation framework for cross-domain policy enforcement. The entire environment is used to simulate the problem of enforcing policies across domain boundaries when permanent or temporary collaborations have to span multiple domains. The middleware derived from this simulation environment can also be used to generate policy enforcement components directly for permanent integration or temporary interaction. This middleware provides various functions to enforce policies automatically or semi-automatically across domains, such as collecting policies of each participant domain in a new collaboration, generating policy models for each domain, and mapping specific policy rules following these models to different enforcement mechanisms of participant domains.