Naftaly Minsky Rutgers University Law-Governed Interaction: a Decentralized Access-Control Mechanism.


N. Minsky, Ottawa April/05

2. Outline
- The challenges.
- The concept of law-governed interaction (LGI), and how it meets these challenges.
- An example: flexible regulation of dynamic coalitions.
- Conclusion: The release of LGI.

3. The Challenges Facing Access Control
- The distributed and open nature of systems, and their large scale.
- The need for more sophisticated policies, which may be stateful (sensitive to the history of interaction) and proactive (not limited to permission/prohibition).
- The need for communal (rather than server-centric) policies, such as:
  - different servers subject to the same enterprise-wide policy
  - P2P communities
- The need for interoperation between different policies, and for "conformance hierarchies" (e.g., in virtual enterprises).
- The real challenge is to meet all the above needs via a single mechanism, and to do it scalably.

4. Server-Centric Access-Control (AC)
[Figure labels: Reference Monitor (RM); server]
It generally supports only stateless, purely reactive, ACL-based policies, enhanced with RBAC, and this is far from sufficient.

5. Enforcing a Communal AC Policy
[Figure labels: enterprise-wide (communal) policy P; enterprise delegate]
The communal policy may be that certain types of transactions need to be monitored…

6. The Concept of Law-Governed Interaction (LGI)
- LGI is a message exchange mechanism that enables a community of distributed agents to interact under an explicit and strictly enforced policy, called the "law" of this community.
- Some characteristics of LGI:
  - Communal, rather than server-centric, control.
  - High expressive power, including stateful and proactive laws, and sensitivity to roles (in a much more general manner than RBAC).
  - Laws can be written either in Prolog or in Java.
  - Incremental deployment, and efficient execution.
  - A single system may have a multitude of interrelated laws, which may interoperate and be hierarchically organized.
  - Enforcement is decentralized, for scalability.

7. Centralized Enforcement of Communal Policies *
The problems: potential congestion, and single point of failure.
[Figure labels: agents x, u, v, y; messages m, m'; a reference monitor holding P, I and S]
Legend:
- P: explicit statement of a policy
- I: policy interpreter
- S: the interaction state of the community
* Replication does not help, if S changes rapidly enough.

8. Distributed Law-Enforcement under LGI
[Figure labels: agents x, u, v, y, each paired with its own L, I and local state S_x, S_u, S_v, S_y; messages m, m', m'']

9. The local nature of LGI laws
- Laws are defined locally, at each agent:
  - They deal explicitly only with local events, such as the sending or arrival of a message.
  - The ruling of a law for an event e at agent x is a function of e, and of the local control state CS_x of x.
  - A ruling can mandate only local operations at x.
- Local laws can have powerful global consequences, because of their global purview.
- This localization does not reduce the expressive power of LGI laws,
- and it provides scalability for many (although not all) laws.
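The locality rules on slide 9 can be modelled in a few lines. The following is an added Python sketch, not LGI law syntax and not code from the Moses middleware: the `Controller` class, the operation names `set`, `forward` and `deliver`, and the `budget_law` policy (a stateful budget plus proactive copying of requests to a monitor) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Controller:
    """Hypothetical stand-in for an LGI controller: it holds the law and the
    control state CS_x of one agent and mediates that agent's messages."""
    agent: str
    law: callable
    cs: dict = field(default_factory=dict)     # local control state CS_x
    inbox: list = field(default_factory=list)  # messages released to the agent

    def handle(self, event, network):
        # The ruling is a function of the local event and the local CS_x only.
        for op, *args in self.law(event, self.cs):
            if op == "set":                    # update the local control state
                self.cs[args[0]] = args[1]
            elif op == "forward":              # pass the message to the peer's controller
                dest, msg = args
                network[dest].handle(("arrived", self.agent, msg), network)
            elif op == "deliver":              # release the message to the local agent
                self.inbox.append(args[0])

def budget_law(event, cs):
    """Constructed law: each service request costs one unit of the sender's
    budget (stateful) and is also reported to a monitor (proactive)."""
    kind, peer, msg = event
    if kind == "sent":
        if msg.startswith("request"):
            if cs.get("budget", 0) < 1:
                return []                      # budget exhausted: message is dropped
            return [("set", "budget", cs["budget"] - 1),
                    ("forward", peer, msg),
                    ("forward", "monitor", f"audit:{msg}->{peer}")]
        return [("forward", peer, msg)]
    if kind == "arrived":
        return [("deliver", msg)]
    return []

def run_demo():
    # Every agent gets its own controller running the same law; no shared state.
    net = {name: Controller(name, budget_law) for name in ("x", "y", "monitor")}
    net["x"].cs["budget"] = 2
    for i in range(3):                         # the third request exceeds the budget
        net["x"].handle(("sent", "y", f"request-{i}"), net)
    return net
```

Each ruling touches only the state of the controller that computed it, yet the community-wide effect (bounded spending, complete audit trail at the monitor) holds because every controller runs the same law.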

10. Deployment of LGI (Using Distributed TCB)
[Figure labels: controllers (I); agents x, y; controller service; adopt(L, name); adopt(…); law L; messages m, m', m'']

11. Motivating the Need for Interoperability, and for Policy-Hierarchy
- Consider a coalition C of enterprises {E_1, ..., E_n}, governed by a coalition-policy P_C, where each E_i is governed by its own internal-policy P_i.
[Figure labels: enterprises E_1, E_2, E_3 with policies P_1, P_2, P_3; coalition policy P_C]

12. The Main Problems
- The flexible formulation of these policies, so that (a) they will be consistent, and (b) their specification and evolution would be manageable.
- Enforcement of these policies in a scalable manner.

13. Example (cont.)
- Roles: each E_i has its director D_i; and the coalition C has a director D_C.
- A director D_i can mint E_i-currency $_i needed to pay for services provided by E_i, and it can give D_C some of this currency.
- A director D_C can distribute some of its B($_1) budget among other directors.
- A director D_2 can distribute its B($_1) budget among agents at its enterprise.
- All service requests should be monitored.
[Figure labels: E_1, E_2, E_3; P_C, P_1, P_2; B($_1); B_1]

14. Enforcement by Composition …
- Given the set {P_C, P_1, ..., P_n} of policies.
- Construct a set {P_i,j} of compositions, where P_i,j = composition(P_i, P_C, P_j).
- Provide these compositions to the reference monitor (RM) that mediates all coalition-relevant interactions.
- Compositions were studied by: Gong & Qian 96, and by Bidan & Issarny 98, ...

15. … and its Problematics
- It is unlikely for arbitrary, and independently formulated, policies to be consistent; such composition is likely to end with a big bang.
- Policy composition is computationally hard (McDaniel & Prakash 2002), and we need N^2 such compositions!
- Inflexibility: consider changing a single P_i ...
- Overly centralized, thus unscalable.
- The RM needs to be trusted by all coalition members.
- Alternatively we can have N^2 different RMs, R_i,j, each trusted by {E_i, C, E_j}; this is still problematic.

16. The Proposed Approach
- Instead of creating N^2 compositions (P_i, P_C, P_j), we will enable each enterprise E_i to create its own policy P_i, subject only to the constraint that P_i would conform to P_C.
- We will then allow E_i and E_j to interoperate, once each of them enforces its own policy.

17. Hierarchy Organization of Coalition Policies
[Figure labels: P_C (superior); P_1, P_2, ..., P_n (subordinate)]
P_i is defined as subordinate to P_C, and thus constrained to conform to it.

18. Interoperability
- Let us focus on the interoperability between E_2 and E_1.
[Figure labels: enterprises E_1, E_2, E_3 with policies P_1, P_2, P_3; coalition policy P_C]

19. Interoperability (cont.)
[Figure labels: agent x in E_2, authenticated by CA_2 and CA_C; agent y in E_1, authenticated by CA_1 and CA_C; controllers C_x and C_y operating under P_2 and P_1; control state CS_x; message m; export(m,y,P_1); imported(x,P_2,m)]

20. Conclusion
- LGI implementation via the Moses middleware is to be released in May 2005, via:
- This release does not support policy hierarchy.

Questions?