45 PROPAGATING MODIFICATIONS TO MOBILE POLICIES 1 Ken Smith, Don Faatz, Amgad Fayad, Sushi! Jajodia The MITRE Corporation 7515 Colshire Drive, McLean, VA 22102-7508, USA (/cps, dJaatz. aJayad, jajodia}@mitre.org Abstract: Mobile policies provide a flexible framework for enforcing access controls in distributed applications. But what happens when a mobile policy needs to be modified or certain permissions from a policy have to be revoked? Since a mobile policy is attached to the data and travels with the data over the network, it can be tricky to propagate any changes to the policy. In addition, real-world constraints affect the formulation of the problem and imply a variety of propagation algorithms. In this paper, we propose different approaches for propagating modifications to mobile policies consistent with these constraints. Keywords: access control, mobile policy, policy modification 1. INTRODUCTION Many data-centric applications, such as e-commerce, scientific collaboration, and intelligence production, require computing environments that are highly distributed. Individual users can request access to data from I This work was funded by the MITRE technology program under project numbers 51MSR871, 51MSR203, and 0702M630. The work of Ken Smith was also supported by NIH grant ROl-MH64417-01 funded jointly by the National Institute for Mental Health and the National Science Foundation. The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: © IFIP International Federation for Information Processing 2002 10.1007/978-0-387-35586-3_46 M. A. Ghonaimy et al. (eds.), Security in the Information Society