Towards a policy language for humans and computers Vicky Weissman Joint work with Carl Lagoze.

Slides:

Advertisements

Similar presentations

Advertisements

Lawrence C. Ragan Penn State’s World Campus Defining Quality Standards for Online Education CADE, Calgary May 2002.

Authorization Policies Vicky Weissman

 Caesar used to encrypt his messages using a very simple algorithm, which could be easily decrypted if you know the key.  He would take each letter.

Chapter Two Gathering Information Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter2.1.

PHONEXIA Can I have it in writing?. Discuss and share your answers to the following questions: 1.When you have English lessons listening to spoken English,

A Formal Foundation for XrML Vicky Weissman Joint work with Joe Halpern.

COMP106 Assignment 2 – A new interface design Proposal 6.

1 CSE 417: Algorithms and Computational Complexity Winter 2001 Lecture 20 Instructor: Paul Beame.

A Formal Foundation for XrML Vicky Weissman Joint work with: Joseph Halpern.

Extensible Semantics for XrML Vicky Weissman Joint work with Joe Halpern.

1 Introducing Collaboration to Single User Applications A Survey and Analysis of Recent Work by Brian Cornell For Collaborative Systems Fall 2006.

Using First-order Logic to Reason about Policies Vicky Weissman Joint work with: Joseph Halpern and Carl Lagoze.

Natural Language Query Interface Mostafa Karkache & Bryce Wenninger.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

Microsoft ® Office Outlook ® 2007 Training Manage your mailbox II: Understand your choices for storing Doña Ana Community College presents:

A Formal Foundation for ODRL What’s ODRL?  An XML-based language for writing software licenses. Language specification includes:  syntax  English interpretation.

Rights management Vicky Weissman

Foundations of Cryptography Lecture 2 Lecturer: Moni Naor.

Speaking Sample Items for Scoring Practice Speaking Components Speaking Scoring Guide Test Administration Manual Student Speaking Prompts- on CD Input.

Traditional Method One mean, sigma known. The Problem In 2004, the average monthly Social Security benefit for retired workers was $ with a standard.

Domain Names, Internationalization, and Alternatives John C KLENSIN © John C Klensin, 2002.

Abstraction IS 101Y/CMSC 101 Computational Thinking and Design Tuesday, September 17, 2013 Carolyn Seaman University of Maryland, Baltimore County.

SESSION 2 OF THE COMPUTER TRAINING COURSE CALLED POWER POINT GIVEN AT THE RECOVERY LEARNING COMMUNITIESPOWER POINT PRESENTED BY JOHN MUDIE & STEPHANIE.

Chapter 16 Can Computers Think (now or in the future)? Can Computers Think (now or in the future)?

Microsoft ® Office Access ™ 2007 Training Choose between Access and Excel ICT Staff Development presents:

7 Graph 7.1 Even and Odd Degrees.

Aardvark Anatomy of a Large-Scale Social Search Engine.

Unit 1 – Improving Productivity Ryan Taroni Instructions ~ 100 words per box.

Writing Tips: The Word “Prove” Generally, practicing scientists refrain from using the word prove and its variations (proof, proven, etc) –“Prove” is avoided.

| e n a b l i n g | i n t e r a c t i v e | a d a p t i v e | O V E R V I E W Providing secure access to real-time data via the Internet Focused on delivering.

(CSC 102) Lecture 3 Discrete Structures. Previous Lecture Summary Logical Equivalences. De Morgan’s laws. Tautologies and Contradictions. Laws of Logic.

Questions. What is a question? Something that is asked A statement that needs a reply To ask for information Something you wonder about.

ECE450 - Software Engineering II1 ECE450 – Software Engineering II Today: Design Patterns IX Interpreter, Mediator, Template Method recap.

Multiplying Whole Numbers © Math As A Second Language All Rights Reserved next #5 Taking the Fear out of Math 9 × 9 81 Extending Single Digit Multiplication.

Using the Right Method to Collect Information IW233 Amanda Murphy.

Unit 1 – Improving Productivity Instructions ~ 100 words per box.

Kendall & KendallCopyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall4-1 Interactive Methods to collect Information Requirements Interviewing.

CRYPTOGRAPHY. WHAT IS PUBLIC-KEY ENCRYPTION? Encryption is the key to information security The main idea- by using only public information, a sender can.

Topic Sentences Part Two.

Hypothesis Testing An understanding of the method of hypothesis testing is essential for understanding how both the natural and social sciences advance.

English Language Arts Strategies/Overview. Big Picture Questions Reading Section Rules: 1. Look for the main idea! This is a simple and effective way.

Build a database V: Create forms for a new Access database Overview: A window into your data So far in this series of courses, you’ve built tables, relationships,

September XACML: Consistency analysis Luigi Logrippo Université du Québec University of Ottawa

HSC: All My Own Work What is copyright and what does it protect? How does it relate to me?

Online Journalism in Agricultural Communication Agricultural Communication and Leadership.

Access Control Lesson Introduction ●Understand the importance of access control ●Explore ways in which access control can be implemented ●Understand how.

Copyright Laws How to Get Permission? By: Ruth Garza EDTC

WRITING FROM OBSERVATION ESSAY 2. TIME TO OBSERVE On your computer, type adjectives that describe the type of individual in the image that you see. Words.

Lecture 4 Page 1 CS 111 Online Modularity and Memory Clearly, programs must have access to memory We need abstractions that give them the required access.

© ExplorNet’s Centers for Quality Teaching and Learning 1 Describe applications and services. Objective Course Weight 5%

Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.

Lower bounds for Unconditionally Secure MPC Ivan Damgård Jesper Buus Nielsen Antigoni Polychroniadou Aarhus University.

- A “Portable” Implementation

Outline What does the OS protect? Authentication for operating systems

Modularity and Memory Clearly, programs must have access to memory

Outline What does the OS protect? Authentication for operating systems

By Dr. Abdulrahman H. Altalhi

CS61C : Machine Structures Lecture 6. 2

Representing Characters

PT2520 Unit 2: Gather Information and Define Requirements

Privacy Protection for Social Network Services

Consensus Algorithms.

Avoiding First and Second Person

Low-Fi Prototype and Testing

Presentation transcript:

Towards a policy language for humans and computers Vicky Weissman Joint work with Carl Lagoze

The big picture A policy says that under certain conditions an action, such as downloading a file, is permitted or forbidden. Digital content providers want to write policies about how their works may be accessed, and to have those policies enforced.

Diverse apps – same need Because we can’t regulate access to online content with precision: Digital libraries can’t put certain content online; it might violate IP laws. The Greek Orthodox Archdiocese of America is wary of defamation. Cultural traditions aren’t respected. (Australian Aboriginal communities often restrict access to a clan or gender.)

XrML to the rescue XrML is a XML-based language for writing policies. The specification includes an algorithm that determines if a set of policies imply a permission. Idea: write policies in XrML, enforce them using the algorithm.

Industry likes XrML XrML endorsed by Adobe, Hewlett- Packard, Microsoft, Xerox, Barnesandnoble.com, MPEG International Standards Committee… Microsoft and others plan to make XrML-compliant products. Will tomorrow’s OS, DVD player, … enforce XrML policies?

XrML Shortcomings Usability To read/write policies in XrML requires a significant amount of training. Even with training, writing policies is non- trivial and reading XrML policies is difficult.

A partial solution Build a nice interface. Users enter policies through the interface and then their input is translated to XrML. UI Translator to XrML User Input User Input in XrML

Problem There probably isn’t a single interface that is appropriate for all users. So, we need an interface for each user community (e.g. musicians, publishers,…) UI 1 UI n Translator 1 to XrML Translator n to XrML ……………………………… ……… User Input User Input in XrML

Another problem Whose going to write the translations? Presumably, the UI designer. So, each UI writer is going to have to learn XrML and write a translator from input via their UI to XrML policies? There must be a better way!

Our solution Create a language that the UI designers can learn quickly and use easily. Then provide a translation from the intuitive language to XrML.

The big picture UI n UI 1 ……………………………. Translator n to R User Input Translator to XrML User Input in R Translator 1 to R …………. Let R represent the new language.

Benefits of this approach If industry decides to enforce a new language, only one translation changes. UI n UI 1 ………………………………………………………. Translator n to R User Input Translator to new language User Input in R Translator 1 to R ……………………

Benefits of this approach Similarly, if some products use XrML, others ODRL, …, need 1 new translator/language. UI n UI 1 ………………………………………………………. Translator n to R User Input Translator to XrML User Input in R Translator 1 to R …………………… Translator to ODRL

Goal To create a language that is at least easier to use than XrML. Ideally, find a language that is easy to use. Big Idea: Base the policy language on a natural language; one that non-experts already know. We use English, but expect that our results readily translate to other (human) languages.

Rosetta We call the new language Rosetta. Rosetta is essentially a set of templates for creating English sentences. A sentence is in Rosetta, if we can create it by filling-in one of the templates with appropriate values.

Simple templates Rosetta includes the templates is. may. Given these templates, I claim that we can write the sentence `Alice is smart’.

Simple templates Rosetta includes the templates is. Alice is smart. is. may. Given these templates, I claim that we can write the sentence `Alice is smart’.

Simple templates Rosetta includes the templates is. may. Similarly, we can write `Bob is a student.’

Simple templates Rosetta includes the templates is. Bob is a student. may. Similarly, we can write `Bob is a student.’

Simple templates Rosetta includes the templates is. may. It’s easy to see that `Bob may watch `Finding Nemo’’. is in Rosetta, because it matches the third template.

Simple templates Rosetta includes the templates is. may. Other simple templates in Rosetta can be used to capture sentences such as: `Every employee is trusted’ and `Clark Kent is Superman’.

Conditionals Rosetta includes “if then’’ statements of the form if and … and then ss, where ss = simple statement E.g. If today is Saturday and Alice is good, then Alice may watch `Finding Nemo’.

Empirical Observations Simple and `if then’ sentences seem to be sufficiently expressive to capture most (all?) policies of practical interest. But capturing all simple and `if then’ sentences is non-trivial. In particular, pronouns and prepositional phrases are difficult to support.

Pronouns Consider the statement `if a toddler kicks Alice, then she is angry’. Who is angry? Answer 1: the toddler, otherwise she wouldn’t have kicked Alice. Answer 1: Alice, because she has been kicked. Bottom line: Sentence is ambiguous, so we don’t know how to translate it. pronoun

Our solution: Labels If Alice is angry, then we can write the sentence without using a pronoun. `if a toddler kicks Alice, then Alice is angry.’ Otherwise, we replace the pronoun with a label that is associated with the toddler. `if a toddler t kicks Alice, then t is angry’ Labels are not part of standard English, but seem fairly intuitive.

Prepositions Prepositions can also cause ambiguity. E.g. `Alice designed the library in London’. Sentence could mean that Alice designed the library that is in London or that Alice designed the library when she was in London. We choose the first interpretation, but this might not be the best solution. Maybe we should ask the writer? Prepositional Phrase

Expressivity If we include propositions in Rosetta, then Rosetta is almost as expressive as XrML. Also, it’s easy to extend Rosetta to include all of XrML, but the sentences are a bit unwieldy. E.g. if the statements: s 1,…, s n imply that Alice is good, then she may watch `Finding Nemo’.

Beyond XrML We can easily extend Rosetta to include sentences with negation. E.g. If Alice is not good, then she may not watch `finding Nemo’. Since XrML does not support negation, we couldn’t translate the extended Rosetta to XrML.

Summary XrML is a policy language that is difficult to use, but will likely be enforced automatically by many next-generation products. Rosetta is a first-step towards an appropriate front end for XrML. It can serve as a front-end to other policy languages as well. Future work includes usability testing.