ABSTRACT The complexity of multi-domain access control policy integration makes policy conflict information difficult to understand and manage. Policy information visualization can express the logical relations in complex information intuitively, which can effectively improve the ability to manage multi-domain policy integration. Based on the role-based access control model, this paper proposes two policy analysis methods: one operating on the statistical information, separated by domain, about multi-domain policy integration conflicts, and one operating on the inter-domain policy element levels and the cross-domain element mapping. A corresponding visualization tool is also developed. We use the tree-maps algorithm to statistically analyze the quantity and type of policy integration conflicts. On that basis, the semantic substrates algorithm is applied to analyze in detail the inter-domain policy element levels and the cross-domain role and permission mapping. Experimental results show that tree-maps and semantic substrates can effectively analyze the conflicts of multi-domain policy integration and have good application value.
Cite this paper
L. Pan and Q. Xu, "Visualization Analysis of Multi-Domain Access Control Policy Integration Based on Tree-Maps and Semantic Substrates," Intelligent Information Management, Vol. 4 No. 5, 2012, pp. 188-193. doi: 10.4236/iim.2012.45028.