Policy Reconciliation and Migration in Attribute Based Access Control

Gunjan Batra, Vijayalakshmi Atluri, Jaideep Vaidya, Shamik Sural

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Today, organizations do not work in silos, but rather collaborate, work jointly and share data resources for various business benefits such as storage, management, analytics, etc. In this scenario, organizations want to ensure that their own security requirements are always met, even though they may be sharing/moving their resources to another organization. Hence, there is a need to evaluate the extent to which their policies are similar (or equivalent) i.e., to what extent do they both agree on a common set of security requirements (policy)? When the policies are not identical, there is also a need to evaluate the differences and see how these differences can be reconciled so that the organizations can be brought to agreement in terms of their security requirements. To address this issue, in this paper, we first propose the notion of policy equivalence and develop methods to evaluate the policy similarity. We also propose two different approaches for accomplishing policy reconciliation where one is based on ABAC mining and the other is based on finding maximal common subsets. Both of the approaches guarantee that the organization’s policies are never violated as they are both conservative in nature. Further, it is also possible that the organizations in the collaboration decide to pick one organization and each of them migrates to the policy. We propose a migration approach for organizations in this setting which will incur least migration cost for all the organizations. We compare both the reconciliation approaches and policy migration with respect to their reconciliation results as well as performance.

Original languageEnglish (US)
Title of host publicationInformation Systems Security - 15th International Conference, ICISS 2019, Proceedings
EditorsDeepak Garg, N. V. Kumar, Rudrapatna K. Shyamasundar
Number of pages22
ISBN (Print)9783030369446
StatePublished - 2019
Event15th International Conference on Information Systems Security, ICISS 2019 - Hyderabad, India
Duration: Dec 16 2019Dec 20 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11952 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference15th International Conference on Information Systems Security, ICISS 2019

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


  • ABAC
  • Policy equivalence
  • Policy migration
  • Policy reconciliation
  • Policy similarity


Dive into the research topics of 'Policy Reconciliation and Migration in Attribute Based Access Control'. Together they form a unique fingerprint.

Cite this