Semi-Automated Fuzzy MCDM and Lattice Solutions for WS-Policy Intersection

Abeer El­sa­fie, Jörg Schwenk

IEEE 5th International Workshop on Security and Privacy Engineering SPE2015, within IEEE SERVICES 2015 June 27 and July 2, 2015, New York, NY, USA


In order to enable a secure Business-to-Business (B2B) interaction between web services, it is essential to negotiate a common security policy by computing the policy intersection according to the web service (WS)-Policy framework. For this purpose, both policies are transformed into Disjunctive Normal Form (DNF). Then the intersection of the two sets of monomials (alternatives) from the two DNFs is computed. If the intersection's output is only one compatible monomial, we are done: We have found a unique security policy supported by both parties.

However, two other cases are also possible: There may be more than one compatible monomial, and there may be no intersection which means, no compatible alternatives are found. In both cases, additional processing steps are required in order to communicate: If there are more than one alternatives, we would like to find the optimum security policy amongst all. If there is no intersection, we would like to find a minimal extension of the security policies to enforce an intersection. WS-policy framework does not give any information on how the policy intersection can be calculated or found when alternatives are semi-compatible or fully incompatible. In addition to the issue of multiple compatible alternatives, which alternative to choose. Current research is focusing on how to measure the compatibility, however achieving policy agreement in term of policy intersection is far from being possible.

In order to address this problem we introduce two separate solutions for the two cases. For the case of more than one compatible alternative (multiple-intersection), we present a Multiple Criteria Decision Making (MCDM) model using Fuzzy Analytical Hierarchy Process (AHP) for the WS-Security Policy assertions in order to calculate the optimum security policy alternative. For the case of (no-intersection) we provide two algorithms for calculating the least upper bound (lub) or the greatest lower bound (glb) of the ordered sets to enable compatibility. We present a case example using practical policies in order to show the output using the two concepts based on Apache axis2 rampart, Apache neethi and IBM security policies. Outputs are found similar using both concepts.