A Framework for Policy Similarity Evaluation and Migration Based on Change Detection.

Access control facilitates controlled sharing and protection of resources in an enterprise. However, given the ubiquity of collaborative applications and scenarios, enterprises no longer function in isolation. Being able to measure policy similarity and integrate heterogeneous policies appropriately is an essential step towards secure interoperation. Existing approaches for measuring policy similarity are based on computing similarity between different components of the access control policy. However, this does not provide a pathway for integrating policies, and may not sufficiently take the security context into account. In this paper, we propose a holistic change detection approach that enables policy similarity evaluation and policy migration. Our approach more comprehensively takes into account different access control semantics to compute policy similarity and finds the common organizational policy with the least cost.