Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR.

Slides:



Advertisements
Similar presentations
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Advertisements

Modelling with expert systems. Expert systems Modelling with expert systems Coaching modelling with expert systems Advantages and limitations of modelling.
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
For e-Business F. Dignum Utrecht University Trust Reputation and.
Auditing Concepts.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
8.2 Discretionary Access Control Models Weiling Li.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Knowledge Acquisitioning. Definition The transfer and transformation of potential problem solving expertise from some knowledge source to a program.
Using Digital Credentials On The World-Wide Web M. Winslett.
Applied Cryptography Week 13 SAML Applied Cryptography SAML and XACML Mike McCarthy Week 13.
Security Models for Trusting Network Appliances From : IEEE ( 2002 ) Author : Colin English, Paddy Nixon Sotirios Terzis, Andrew McGettrick Helen Lowe.
Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.
Community Manager A Dynamic Collaboration Solution on Heterogeneous Environment Hyeonsook Kim  2006 CUS. All rights reserved.
Use Case Development Scott Shorter, Electrosoft Services January/February 2013.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
Web Explanations for Semantic Heterogeneity Discovery Pavel Shvaiko 2 nd European Semantic Web Conference (ESWC), 1 June 2005, Crete, Greece work in collaboration.
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.
Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005.
المحاضرة الثالثة. Software Requirements Topics covered Functional and non-functional requirements User requirements System requirements Interface specification.
WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.
Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004.
A DESCRIPTION OF CONCEPTS AND PLANS MAY 14, 2014 A. HUGHES FOR TFTM The Identity Ecosystem DISCUSSION DRAFT 1.
EMI INFSO-RI SA2 - Quality Assurance Alberto Aimar (CERN) SA2 Leader EMI First EC Review 22 June 2011, Brussels.
Auditing Information Systems (AIS)
IT Requirements Management Balancing Needs and Expectations.
1 Dept of Information and Communication Technology Creating Objects in Flexible Authorization Framework ¹ Dep. of Information and Communication Technology,
The roots of innovation Future and Emerging Technologies (FET) Future and Emerging Technologies (FET) The roots of innovation Proactive initiative on:
A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.
Page 1 WWRF Briefing WG2-br2 · Kellerer/Arbanowski · · 03/2005 · WWRF13, Korea Stefan Arbanowski, Olaf Droegehorn, Wolfgang.
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Customer Interface for wuw.com 1.Context. Customer Interface for wuw.com 2. Content Our web-site can be classified as an service-dominant website. 3.
A Context Model based on Ontological Languages: a Proposal for Information Visualization School of Informatics Castilla-La Mancha University Ramón Hervás.
22/01/2004Daniel Olmedilla1 INTEGRATING PROLOG IN TRUST NEGOTIATION Software Project / Summer Semester /04/2004 Daniel Olmedilla L3S / University.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #22 Secure Web Information.
Introduction to Semantic Web Service Architecture ► The vision of the Semantic Web ► Ontologies as the basic building block ► Semantic Web Service Architecture.
Agents that Reduce Work and Information Overload and Beyond Intelligent Interfaces Presented by Maulik Oza Department of Information and Computer Science.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Policies September 7, 2010.
Trustworthy Semantic Webs Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #4 Vision for Semantic Web.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Automatic Trust Negotiation Rajesh Gangam
SecPAL Presented by Daniel Pechulis CS5204 – Operating Systems1.
July 14 th SAM 2008 Las Vegas, NV An Ad Hoc Trust Inference Model for Flexible and Controlled Information Sharing Danfeng (Daphne) Yao Rutgers University,
Faculty Faculty Richard Fikes Edward Feigenbaum (Director) (Emeritus) (Director) (Emeritus) Knowledge Systems Laboratory Stanford University “In the knowledge.
Digital Libraries1 David Rashty. Digital Libraries2 “A library is an arsenal of liberty” Anonymous.
16/11/ Semantic Web Services Language Requirements Presenter: Emilia Cimpian
Introduction to Access Control and Trust Management Daniel Trivellato.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
Time-Space Trust in Networks Shunan Ma, Jingsha He and Yuqiang Zhang 1 College of Computer Science and Technology 2 School of Software Engineering.
Computer Science and Engineering 1 Mobile Computing and Security.
Policy-Based Dynamic Negotiation for Grid Services Authorization Ionut Constandache, Daniel Olmedilla, Wolfgang Nejdl Semantic Web Policy Workshop, ISWC’05.
A Portrait of the Semantic Web in Action Jeff Heflin and James Hendler IEEE Intelligent Systems December 6, 2010 Hyewon Lim.
Mohssen Mohammed Sakib Pathan Building Customer Trust in Cloud Computing with an ICT-Enabled Global Regulatory Body Mohssen Mohammed Sakib Pathan.
Model Checking Early Requirements Specifications in Tropos Presented by Chin-Yi Tsai.
Anupam Joshi University of Maryland, Baltimore County Joint work with Tim Finin and several students Computational/Declarative Policies.
Kent Seamons Brigham Young University Marianne Winslett, Ting Yu
Reactive Policies for the Semantic Web*
A Distributed Tabling Algorithm for Rule Based Policy Systems
Protecting Privacy During On-line Trust Negotiation
Policy Language Requirements for Trust Negotiation
Presentation transcript:

Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR

OUTLINE About various policies About various policies Roles of policies in enhancing security, privacy and usability of Distributed services Roles of policies in enhancing security, privacy and usability of Distributed services Discusses about important requirements and open research issues. Discusses about important requirements and open research issues.

OUTLINE(CONT…) Discussion is based on the following strategic goals and lines of research Discussion is based on the following strategic goals and lines of research -Broad notion of policy. -Strong and Lightweight evidence. -Automated Trust Negotiation. -Cooperative policy enforcement. How to integrate policies into trust management framework. How to integrate policies into trust management framework.

WHAT ARE POLICIES? Policies are pervasive in web applications. Policies are pervasive in web applications. Policies specify the behavior of the system Policies specify the behavior of the system They play crucial role in the area of security, privacy and business rules. They play crucial role in the area of security, privacy and business rules. They determine the success of the web services They determine the success of the web services

BROAD NOTION OF POLICY All different policies should be integrated into a single framework. All different policies should be integrated into a single framework. These policies include not only access control but also privacy policies, business rules, quality of service and among others. These policies include not only access control but also privacy policies, business rules, quality of service and among others. -Access control policies protects any system open to the internet.

BROAD NOTION OF POLICY -Privacy policy protects the user while they are browsing web and accessing web services. -Business policy specifies the condition that apply to specific customer of web services. -Other policies specify constraints related to quality of service.

BROAD NOTION OF POLICY All these policies makes decisions based on the information of the peer/user involved in the transaction. All these policies makes decisions based on the information of the peer/user involved in the transaction. -For example, age, nationality, customer profile, identity, and reputation may all be considered both in access control decisions, and in determining which discounts are applicable.

BROAD NOTION OF POLICY These kinds of policies needs to be integrated to provide These kinds of policies needs to be integrated to provide –a common infrastructure that can be used for decision making and interoperability. –Policies can be harmonized and synchronized. There are also policies which requires the events to be logged. There are also policies which requires the events to be logged. These policies are called Provisional policies. These policies are called Provisional policies. Policy specify actions to be executed along with the decision process. Policy specify actions to be executed along with the decision process.

BROAD NOTION OF POLICY Policies in these context acts as both decision support system and as declarative behavior systems. Policies in these context acts as both decision support system and as declarative behavior systems. An effective approach to policy specification could give common user a better control on the behavior of their own system. An effective approach to policy specification could give common user a better control on the behavior of their own system. Achievement of this goal depends on policies ability to interoperate with rest of the system. Achievement of this goal depends on policies ability to interoperate with rest of the system.

STRONG AND LIGHTWEIGHT EVIDENCE Policies make decisions based on properties of the peers interacting with the system. These properties may be strongly certified by cryptographic techniques, or may be reliable to some intermediate degree with lightweight evidence gathering and validation. A flexible policy framework should try to merge these two forms of evidence to meet the efficiency and usability requirements of web applications.

STRONG AND LIGHTWEIGHT EVIDENCE Trust negotiation, reputation models, business rules, and action specification languages have to be integrated into a single framework. Automated trust negotiation plays an important role in trust management.

TRUST MANGEMENT The Semantic Web is a large, uncensored system to which anyone may contribute. This raises the question of how much credence to give each source. We cannot expect each user to know the trustworthiness of each source. This is where Trust Management plays an important role in establishing the trustworthiness of each source.

APPROACHES TO TRUST MANGEMENT Two major approaches to managing trust exists Two major approaches to managing trust exists-Policy-based-Reputation-based In policy-based trust management approach strong security mechanisms are used to regulate access of user to web services. In policy-based trust management approach strong security mechanisms are used to regulate access of user to web services. Strong security mechanisms include Strong security mechanisms include signed certificates and trusted certification authorities (CAs).

APPROACHES TO TRUST MANGEMENT (CONT…) Access decisions are based on these mechanism with well defined semantics. Access decisions are based on these mechanism with well defined semantics. Provides strong verification and analysis support. Provides strong verification and analysis support. Policy-based approach helps in making a decision about the ‘trustworthiness’ of the requester. Policy-based approach helps in making a decision about the ‘trustworthiness’ of the requester. Determines whether the service/resource is allowed or denied to the requester. Determines whether the service/resource is allowed or denied to the requester.

APPROACHES TO TRUST MANGEMENT (CONT…) Reputation-based trust relies on a “soft computational” approach to the problem of trust. In this approach trust is computed based on the local experience and feedback given by the other entities in the network. In this approach trust is computed based on the local experience and feedback given by the other entities in the network. - -For Example, online buyers and sellers rate each other after each transaction. The ratings pertaining to a certain seller (or buyer) are aggregated by websites reputation system into a number reflecting seller (or buyer) trustworthiness as judged by the webpage community.

APPROACHES TO TRUST MANGEMENT (CONT…) The reputation-based approach has been favored for environments such as Peer-to-Peer or Semantic Web. The existence of certifying authorities can not always be assumed but a large pool of individual user ratings is often available. Another common approach is to make requester to commit to contract/copyrights by clicking on the “accept” button Lightest approach to trust. – –Filling an HTML form.

APPROACHES TO TRUST MANGEMENT (CONT…) In order to make decisions in Real life scenarios In order to make decisions in Real life scenarios a combination of these approaches is needed. For Example, Transaction policies must handle expenses of all magnitudes, from micro payments to credit card payments of a thousand euros or even more. The cost of the traded goods or services contributes to determine the risk associated to the transaction and hence the trust measure required. Strong evidence is generally harder to gather and verify than lightweight evidence. Sometimes, a “soft” reputation measure or a declaration in the sense outlined above is all one can obtain in a given scenario.

APPROACHES TO TRUST MANGEMENT (CONT…) Success of Trust Management depends on the ability of the system to balance trust level and risk level for each task. Success of Trust Management depends on the ability of the system to balance trust level and risk level for each task. The following are two important research directions related to the area of trust The following are two important research directions related to the area of trust - -How should different forms of trust be integrated? - -How many different forms of evidence can be conceived?

AUTOMATED TRUST NEGOTIATION Access control presents difficult problems in a distributed environment. Access control presents difficult problems in a distributed environment. This problem becomes severe when resources and subject requesting it belong to different security domains. This problem becomes severe when resources and subject requesting it belong to different security domains. Common access control mechanisms provide authorization decisions based on the identity of the requester which is ineffective. Common access control mechanisms provide authorization decisions based on the identity of the requester which is ineffective. Automated trust negotiation solves this ineffectiveness. Automated trust negotiation solves this ineffectiveness.

AUTOMATED TRUST NEGOTIATION Attribute credentials are exchanged to establish trust among strangers who wish to share a resource. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive attribute credentials by using access control policies. In ATN peers are able to automatically negotiate credentials according to their own declarative, rule-based policies.

AUTOMATED TRUST NEGOTIATION(CONT..) Rules specify for each resource or credential request which properties should be satisfied by the subjects and objects involved. At each negotiation step, the next credential request is formulated essentially by reasoning with the policy, e.g. by inferring implications or computing abductions. Thus ATN plays an important role in establishing interoperability among peers. Its depends on and actively contributes in the area of Trust Management.

AUTOMATED TRUST NEGOTIATION(CONT..) How Negotiations takes place between peers? How Negotiations takes place between peers? Web Server ask for credentials from the client requesting resource. Web Server ask for credentials from the client requesting resource. The client in turn asks for server credentials to determine the validity of the server. The client in turn asks for server credentials to determine the validity of the server. Both are in symmetrical situation. Both are in symmetrical situation.

AUTOMATED TRUST NEGOTIATION(CONT..) peer decides how to react to incoming request based on local policy. Each peer decides how to react to incoming request based on local policy. Local policy is a set of rules written in logic programming. Local policy is a set of rules written in logic programming. Requests are formulated based on the rules from the policies. Requests are formulated based on the rules from the policies. Several factors are taken into account while formulating requests. Several factors are taken into account while formulating requests.

COOPERATIVE POLICY ENFORCEMENT It involves both machine-machine and human-machine interaction. It involves both machine-machine and human-machine interaction. Machine-machine interaction is handled by the various negotiation mechanisms as discussed earlier. Machine-machine interaction is handled by the various negotiation mechanisms as discussed earlier. Human-machine interaction is more problematic than expected. Human-machine interaction is more problematic than expected.

COOPERATIVE POLICY ENFORCEMENT (CONT...) Most users lack the technical expertise to tailor existing policies to match their own needs, causing easy access to their protected resources. Most users lack the technical expertise to tailor existing policies to match their own needs, causing easy access to their protected resources. Such lack of knowledge on the part of the users also affects privacy protection. Most users are not able to personalize their information release policies to suit their needs. Such lack of knowledge on the part of the users also affects privacy protection. Most users are not able to personalize their information release policies to suit their needs.

COOPERATIVE POLICY ENFORCEMENT (CONT...) To make the user understand the meaning of responses better, we bring in co- operative policy enforcement. To make the user understand the meaning of responses better, we bring in co- operative policy enforcement. This gives users the reasons for negative responses and suggestions for how to avoid such responses in the future. This gives users the reasons for negative responses and suggestions for how to avoid such responses in the future. Greater user awareness and control on policies are the main objectives of CPE.

COOPERATIVE POLICY ENFORCEMENT (CONT...) Policies are made user-friendly by using Policies are made user-friendly by using - -rule-based policy specification language -controlled natural language -advanced explanation mechanisms

COOPERATIVE POLICY ENFORCEMENT (CONT…) Several novel aspects are described in CPE: -tabled explanation structure - -suitable heuristics for focusing explanations -Heuristics are generic, i.e. domain independent

COOPERATIVE POLICY ENFORCEMENT (CONT…) - combination of tabling techniques and heuristics yields a novel method for explaining failure.

COOPERATIVE POLICY ENFORCEMENT (CONT…) Query answering is conceived for the following categories of users: – Users who try to understand how to obtain access permissions; – Users who monitor and verify their own privacy policy; – Policy managers who verify and monitor their policies.

COOPERATIVE POLICY ENFORCEMENT (CONT...) Find the right tradeoff between explanation quality and the effort for instantiating the framework in new application domains. Second generation explanation systems prescribe a sequence of expensive steps, including the creation of an independent domain knowledge base expressly for communicating with the user. This would be a serious obstacle to the applicability of the framework.

NATURAL LANGUAGE POLICIES Policies should be written by and understandable to users, to let them control behavior of their system. Policies should be formulated based on rules and stated in simple language. the inherent ambiguity of natural language is incompatible with the precision needed by security and privacy specifications

CONCLUSION Policies represents single body of declarative rules used in many possible ways, for negotiations, query answering, and other forms of system behavior control. Transparent interoperation based on ontology sharing will determine the success of trust negotiation.

CONCLUSION(CONT…) Users have better understanding and control over the policies that govern their systems with the help of Cooperative policy enforcement and Trust Management. Users have better understanding and control over the policies that govern their systems with the help of Cooperative policy enforcement and Trust Management. Policies will have to handle decisions under a wide range of risk levels and performance requirements. Policies will have to handle decisions under a wide range of risk levels and performance requirements.

REFERENCES. 1. Semantic Web Policies - A Discussion of Requirements and Research Issues by P.A. Bonatti1, C. Duma2,N.Fuchs3,W.Nejdl4, D. Olmedilla4, J. Peer5 and N. Shahmehri2 2. M. Y. Becker and P. Sewell. Cassandra: distributed access control policies with tunable expressiveness. In 5th IEEE International Workshop on Policies for Distributed Systems and Networks, Yorktown Heights, June M. Blaze, J. Feigenbaum, and M. Strauss. Compliance Checking in the Policy- Maker Trust Management System. In Financial Cryptography, British West Indies, February P. A. Bonatti, N. Shahmehri, C. Duma, D. Olmedilla, W. Nejdl, M. Baldoni, C. Baroglio, A. Martelli, V. Patti, P. Coraggio, G. Antoniou, J. Peer, and N. E. Fuchs. Rule-based policy specification: State of the art and future work. Technical report, Working Group I2, EU NoE REWERSE, aug deliverables/i2-d1.pdf. 5. P.A. Bonatti, D. Olmedilla, and J. Peer. Advanced policy queries. Technical Report I2-D4, Working Group I2, EU NoE REWERSE, Aug

REFERENCES 6. P.A. Bonatti and P. Samarati. A uniform framework for regulating service access and information release on the web. Journal of Computer Security, 10(3):241–272, Short version in the Proc. of the Conference on Computer and Communications Security (CCS’00), Athens, Piero A. Bonatti, Claudiu Duma, Daniel Olmedilla, and Nahid Shahmehri. An integration of reputation-based and policy-based trust management. In Semantic Web Policy Workshop in conjunction with 4th International Semantic Web Conference, Galway, Ireland, nov Piero A. Bonatti and Daniel Olmedilla. Driving and monitoring provisional trust negotiation with metapolicies. In 6th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), pages 14–23, Stockholm, Sweden, jun IEEE Computer Society. 9. Paulo P. da Silva, Deborah L. McGuinness, and Richard Fikes. A proof markup language for semantic web services. Technical Report KSL Tech Report KSL-04-01, January, Rita Gavriloaie, Wolfgang Nejdl, Daniel Olmedilla, Kent E. Seamons, and Marianne Winslett. No registration needed: How to use declarative policies and negotiation to access sensitive resources on the semantic web. In 1st European Semantic

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.