Browse Prior Art Database

Optimizing Policy Represenation through Mathematical Properties

IP.com Disclosure Number: IPCOM000028245D
Original Publication Date: 2004-May-05
Included in the Prior Art Database: 2004-May-05
Document File: 2 page(s) / 44K

Publishing Venue

IBM

Abstract

Policies are created with a mathematical rule representation. Users creating policies may understand the relationships of the policy rule, but not the most precise mathematical representation. Policies created with complex mathematical rules can be reduced to their simpliest format before distribution to policy management systems. Mathematical reduction on policies has several advantages.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 2

Optimizing Policy Represenation through Mathematical Properties

Policies are created with a mathematical rule representation. Users creating policies may understand the relationships of the policy rule, but not the most precise mathematical representation. Policies created with complex mathematical rules can be reduced to their simpliest format before distribution to policy management systems.

For example, the policy creator may create a policy such as the following:

User Created Policy

However, this user created policy is not in it's reduced form. This policy can be reduced as in the following steps:

User Creates a Policy in a Policy Editor (see User Created Policy figure)

Policy is transformed into canonical Sum Of Product (SOP) or Product Of Sum

(POS) forms Policy rule format undergoes reduction algorithms using mathematical properties

(algebraic reduction), Karnaugh map reduction, or tabular (Quine-McCluskey) reduction to find the smallest form of the policy rule.

Example algebraic properties:

In our example, applying the steps of reduction, the policy may be reduced as follows.

User Creates a Policy in a Policy Editor (see User Created Policy figure)

Policy is transformed into canonical Sum Of Product (SOP) or Product Of Sum

(POS) form:

(if (UserGroup="administator") AND (UserName="bob")) OR ((UserGroup="adminstrator") AND (UserName!="bob")) then (Access low)

Policy rule format undergoes reduction algorithms using mathematical properties

(algebraic reduction), Karnaugh map reduction, or tabular (Quine-McCluskey) reduction to find the smal...