Distributed Overlay Construction to Support Policy-Based Access Control

Overlay networks have been studied extensively in recent years as a flexible means to improving the reliability, resiliency, and performance of many networking applications. In this paper we present a novel use of overlay networks and distributed mechanisms to construct them for handling information assurance issues in networking systems. The problem is explored in the context of constructing an overlay that satisfies a given set of access control policies in decentralized information sharing systems. We formulate a new graph-theoretic optimization problem of constructing a minimum policy-compatible graph, which is NP-complete. We provide efficient centralized and fully-distributed heuristics, and prove the convergence property of the distributed process. Our simulation study with synthetic and empirical data set shows that our methods result in the performance (in terms of total number of links) very close to the optimal case (within 3%) for small input, and that they can reduce the number by up to 30% compared to a method based on minimum spanning tree algorithm for larger data set.