A Distributed Tabling Algorithm for Rule Based Policy Systems

Slides:



Advertisements
Similar presentations
Research Issues in Web Services CS 4244 Lecture Zaki Malik Department of Computer Science Virginia Tech
Advertisements

Introduction to Prolog, cont’d Lecturer: Xinming (Simon) Ou CIS 505: Programming Languages Fall 2010 Kansas State University 1.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Chapter 19: Network Management Business Data Communications, 5e.
Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.
8.2 Discretionary Access Control Models Weiling Li.
Proof methods Proof methods divide into (roughly) two kinds: –Application of inference rules Legitimate (sound) generation of new sentences from old Proof.
1 SWE Introduction to Software Engineering Lecture 23 – Architectural Design (Chapter 13)
Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.
Software Testing and Quality Assurance
Proof System HY-566. Proof layer Next layer of SW is logic and proof layers. – allow the user to state any logical principles, – computer can to infer.
Collaboration Diagrams. Example Building Collaboration Diagrams.
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
ECE122 L17: Method Development and Testing April 5, 2007 ECE 122 Engineering Problem Solving with Java Lecture 17 Method Development and Testing.
Carlos DamásioTAPD 2000, Vigo1 A Distributed Tabling System Carlos Viegas Damásio Dept. Informática, Univ. Nova de Lisboa Portugal.
LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.
Detection and Resolution of Anomalies in Firewall Policy Rules
Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)
 Communication Tasks  Protocols  Protocol Architecture  Characteristics of a Protocol.
CSC-682 Cryptography & Computer Security Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Pompi Rotaru Based on an article.
Proof-Carrying Code & Proof-Carrying Authentication Stuart Pickard CSCI 297 June 2, 2005.
Logical Agents Logic Propositional Logic Summary
Data Access and Security in Multiple Heterogeneous Databases Afroz Deepti.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Automatic Trust Negotiation Rajesh Gangam
1 Access Control Policies: Modeling and Validation Luigi Logrippo & Mahdi Mankai Université du Québec en Outaouais.
Policy-Based Dynamic Negotiation for Grid Services Authorization Ionut Constandache, Daniel Olmedilla, Wolfgang Nejdl Semantic Web Policy Workshop, ISWC’05.
1 Propositional Logic Limits The expressive power of propositional logic is limited. The assumption is that everything can be expressed by simple facts.
1 Security and Dependability Organizational Patterns - A Proof of Concept Demo for SERENITY A. Saidane, F. Dalpiaz, V.H. Nguyen, F. Massacci.
Logical Agents. Outline Knowledge-based agents Logic in general - models and entailment Propositional (Boolean) logic Equivalence, validity, satisfiability.
Logical Architecture and UML Package Diagrams. The logical architecture is the large-scale organization of the software classes into packages, subsystems,
A Proof-Carrying File System Deepak Garg and Frank Pfenning (Carnegie Mellon University) IEEE Symposium on Security and Privacy May 18, 2010.
Distributed Systems Architectures. Topics covered l Client-server architectures l Distributed object architectures l Inter-organisational computing.
Decentralized Access Control: Policy Languages and Logics
Auditing Concepts.
EA C461 Artificial Intelligence
Introduction To Design Patterns
Algorithms and Problem Solving
Chapter 3 of Programming Languages by Ravi Sethi
Software Testing.
Static Detection of Cross-Site Scripting Vulnerabilities
Recursive stack-based version of Back-chaining using Propositional Logic
Troubleshooting Network Communications
Chapter 8 – Software Testing
Verification and Validation Overview
Advance Software Engineering
Understanding the OSI Reference Model
Types of Testing Visit to more Learning Resources.
#01 Client/Server Computing
Programming Models for Distributed Application
Object-Oriented Design
The Extensible Tool-chain for Evaluation of Architectural Models
What is an Architecture?
Providing Secure Storage on the Internet
Jim Fawcett CSE776 – Design Patterns Summer 2003
Lecture 09:Software Testing
Verification and Validation Unit Testing
Secure Electronic Transaction (SET) University of Windsor
Behavioral Design Pattern
Multi-party Authentication in Web Services
Software testing.
Programming Fundamentals (750113) Ch1. Problem Solving
What is an Architecture?
Programming Fundamentals (750113) Ch1. Problem Solving
Methods of Proof Chapter 7, second half.
COMPUTER NETWORKS PRESENTATION
Database System Architectures
More C++ Classes Systems Programming.
Exceptions and networking
#01 Client/Server Computing
Model-based Adaptation for Self-Healing Systems David Garlan, Bradley Schmert ELSEVIER Sciences of Computer Programming 57 (2005) 이경렬
Presentation transcript:

A Distributed Tabling Algorithm for Rule Based Policy Systems Miguel Alves, Carlos Damasio, Wolfgang Nejdl, Daniel Olmedilla IEEE Policy, June 4-6, 2006

Motivation Scenario Online Sharing Pictures Bob: Is Tom a friend of Bob? Bob: Is Tom a friend of Alice? Bob: Check local friend list Bob: Is Tom a friend of Frank? Alice: Is Tom a friend of Alice? Frank: Is Tom a friend of Frank? Alice: Is Tom a friend of Bob? Alice: Is Tom a friend of Frank? Frank: Is Tom a friend of Alice? Frank: Is Tom a friend of Bob? Alice: Check local friend list Frank: Check local friend list Policy 2006 22/04/2019

Problem Statement CIA Agents I show you my CIA badge If you show me yours first I show you my CIA badge If you show me yours first [ Li, Du,BonehWinsborough, Seamons, Jones. Oblivious Signature-Based Envelope DARPA ACM Symposium on Principles of Distributed Computing, 2003] Policy 2006 22/04/2019

Problem Statement Loop Detection From a declarative specification point of view Loops may easily occur Policies are complex and large in number Typically, they are not under the control of a single person Loops are not errors However, if not handled correctly They may end up in non-terminating evaluation Policy 2006 22/04/2019

Problem Statement Existing Validation & Verification Techniques Locally (on own policies) Policy specification Static checking Tabling Model checking Etc. They do not apply in a distributed setting because Too large number of potential policies Policies at other entities may be private Policies are dynamic Applicable policies are known only at runtime Policy 2006 22/04/2019

SLD Resolution Definition Goal G = ( L1, … , Lk , … , Lm ) Clause C = ( A :- M1 , … , Mn ) Resolvent G’ = ( L1, … , Lk-1 , M1 , … , Mn , Lk-1 , … , Lm ) θ θ = mgu (Lk , A) Policy 2006 22/04/2019

Each new sub-goal is tabled, and its answers stored in that table Tabling Definition Technique for goal-oriented evaluation of logic programs by storing computed answers in tables (a.k.a. tabulation) Each new sub-goal is tabled, and its answers stored in that table Resolution returns the answers of the table Repeated answers are not propagated Policy 2006 22/04/2019

friendOf(alice,alice) Tabling Example friendOf(X,alice) friendOf(X,bob). friendOf (X,Y) :- friendOf (Y,X). friendOf (X,alice). □ friendOf(alice,X) {bob/X} {alice/X} □ □ friendOf(X,alice) Subgoals Answers □ friendOf(X,alice) friendOf(X,alice) friendOf(alice,X) friendOf(alice,bob) Reuse answer Reuse answer friendOf(alice,alice) Policy 2006 22/04/2019

Distributed Tabling Elements Peer Prover Perform the logical operations on goals Send a request to peer client for each new sub-goal selected and wait for the answers Able to produce the proof of an answer Peer Client Keep the tables and answers for goal calls Goal Manager Interfaces a community with the outside world One per community Major function is to detect termination Policy 2006 22/04/2019

Distributed Tabling Example of Running Architecture Policy 2006 22/04/2019

Distributed Tabling Security & Privacy Sharing dependencies during evaluation makes tabling easier It brings privacy concerns Sharing dependencies may discover partnerships and the policies themselves Two kind of predicates: Public: can be queried and included in the proof Private: cannot be queried and must remain hidden Two kinds of calls: Authorization call (call for evaluation) Proof (explanation of the evaluation) Policy 2006 22/04/2019

Distributed Tabling Messages Interaction Policy 2006 22/04/2019

Distributed Tabling Example Policy 2006 22/04/2019

Distributed Tabling Termination Detection Crucial to detect In order to inform the requester there are no more answers (or request failed) Needed for Negation as Failure Allow to free resources used during evaluation Global Termination Detect when all goals are finished No need to share dependencies among peers Local Termination Detect when each goal is finished Need to share dependencies Privacy problems It allows to have NAF Policy 2006 22/04/2019

Conclusions & Further Work A distributed tabling algorithm is presented Detects loops Without increasing the complexity of the system (PTIME) Handles public and private policies and proof generation Implemented and tested Further work Reduce communication among peers Better management of information Reduce risk of information leakage Research on local termination algorithms Taking privacy into account In order to allow NAF Policy 2006 22/04/2019

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.