Computer systems vendors aim to provide secure business products by implementing various security solutions. Security solutions are built to satisfy different security requirements. Modem computer systems are built by integrating a large number of interacting or independent entities. These entities or components are often formed out of smaller systems that are integrated to provide the required functionality or set of services. To be compliant with one or more regulations, a computer system may have to satisfy several security requirements through independent security solutions. A security solution of a computer system may include properties such as access control, network security, cryptography, etc.
Typically, each component of a computer system could have different security requirements, which may be satisfied by one or more independent security solutions. Generally, it may be more efficient to combine existing security solutions of the system components, rather than designing an entirely new security solution for the entire computer system. However, combining disparate security solutions of system components can be challenging. The components of such system, and the respective security solutions, are provided and changed in different time periods by different software developers, and often by different vendors.
Independent, commercially available off the shelf (COTS) security solutions are available in the form of security patterns that capture expert knowledge in a structured way. Different integration schemes and mechanisms help to compose two or more security solutions to provide a complex solution for a set of security requirements or properties. However, the integration process may lead to conflicts. Therefore, an instrument to identify possible cases of conflict is necessary. For instance, a conflict arises whenever different authorities and configuration sharing exist among the solutions under integration.