Rights management Vicky Weissman


Policies A policy is a set of conditions under which an action is permitted or forbidden. Simple examples: CS 502 students cannot edit the course website. A student can only modify a course web page with the instructor’s permission. More complicated examples: To borrow a book from the library, you must have a library card and you must either bring the book back in 2 weeks or pay a fine. A license is a type of policy; it says what a client needs to do to access a resource legitimately.

Goals We want to: Write policies unambiguously. Reason about the policies in a provably correct way. Is a particular action, such as Alice editing the CS 502 web site, allowed? Forbidden? Are the policies consistent? In other words, do they allow and forbid the same action? Enforce the policies in a provably correct way. A policy is a set of conditions under which an action is permitted or forbidden.

Writing unambiguous policies Policies written in natural languages, like English, are often ambiguous. Ex: A student can only modify a course web page with the instructor’s permission. If the student has the instructor’s permission, can the student edit the page? Does the policy apply to courses with multiple instructors? If so, whose permission do you need?

Isn’t this an old problem? Well, yes. But policies for digital objects can be more complex. Consider a library patron borrowing a book. If it’s a digital object, pictures can be blurred or hidden, according to a policy agreement. Certain portions of the text can be blocked out. If it’s a physical book, the library either needs a copy for each type of policy or can only regulate who sees the book as a single unit.

Automatic enforcement Digital works typically are protected by automatic means (e.g. software), so there’s no person we can trust. We can tell a librarian what the policies are and, if we haven’t considered a scenario, then the librarian can ‘do something reasonable’. If a computer program gets input that it wasn’t expecting, what’s the likelihood that it will do something reasonable?

Bottom line We want to state, reason about, and enforce policies. The policies we’re interested in are more complex than we’ve had before. The standard solution of relying on a trusted person to ‘act reasonably’ is no longer an option.

Current solutions in industry Make policies VERY simple. For example, digital libraries often only have digital objects that are in the public domain. Alternatively, many libraries only differentiate between subscribers and non-subscribers. Use a commercial rights language (e.g. XrML, ODRL, …).

XrML Looks like HTML. Has tons of predefined tags like: Allows people to make new tags for their specific needs.

Benefits of using XrML Popular. Policy makers don’t have to learn too much ‘new lingo’ when going from app to app. Allows common enforcement mechanisms across apps. Fairly easy to use. Extremely flexible.

Disadvantages of XrML No formal semantics. Semantics tell us what the symbols in a language mean. The only meanings I’ve found given to the predefined tags are in English – which we’ve already argued is ambiguous. If we don’t have unambiguous semantics, then we cannot hope to reason about policies or enforce them in a provably correct way. People who use XrML are writing policies that ‘seem right’ without anyone knowing precisely what is intended or exactly what is allowed.

Other options: use logic Policies can be expressed in first-order logic. Example: students cannot edit the website: ∀i (student(i) => ¬Permitted(i, edit website))

Pros and Cons of using logic Benefits: Well-understood. Extremely flexible. Has formal semantics. Disadvantages: Not user-friendly -> needs intuitive GUI. Most interesting questions are provably undecidable -> need to find a fragment of first-order logic that is expressive and tractable. Semantics tell us what the symbols in a language mean.

Another option: Regular expressions Policies are captured by automatons. [Figure: automaton with a start state and transitions labelled “give CUID”, “give acct #”, “pay fee” and “use photocopier”.] The above automaton says the photocopier can be used by anyone who’s paid the fee or has given both a CUID and an acct number.
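The photocopier policy above, written out as a transition table and run over action traces. This is an added example, not part of the original slides: the diagram is missing from the transcript, so the state names, the either-order handling of CUID and acct #, and the return to the start state after each use are assumptions.

```python
# Assumed layout of the slide's automaton (the diagram itself is not in the
# transcript). States record which credentials have been presented so far.
START, CUID, ACCT, READY = "start", "has CUID", "has acct #", "ready"

TRANSITIONS = {
    (START, "give CUID"): CUID,
    (START, "give acct #"): ACCT,
    (CUID, "give acct #"): READY,
    (ACCT, "give CUID"): READY,
    (START, "pay fee"): READY,
    (CUID, "pay fee"): READY,
    (ACCT, "pay fee"): READY,
    # Assumption: one authorisation covers one use, then the automaton resets.
    (READY, "use photocopier"): START,
}


def first_violation(trace):
    """Return the index of the first action with no edge in the automaton.

    An action that has no transition from the current state is rejected
    (fail closed), so input the policy writer never considered is denied
    instead of being handled in some unplanned way. Returns None when the
    whole trace is permitted.
    """
    state = START
    for index, action in enumerate(trace):
        next_state = TRANSITIONS.get((state, action))
        if next_state is None:
            return index
        state = next_state
    return None


def permitted(trace):
    return first_violation(trace) is None


if __name__ == "__main__":
    # Constructed sample traces.
    for trace in (
        ["pay fee", "use photocopier"],
        ["give acct #", "give CUID", "use photocopier"],
        ["give CUID", "use photocopier"],
        ["pay fee", "use photocopier", "use photocopier"],
    ):
        print(trace, "->", "ok" if permitted(trace) else
              f"denied at step {first_violation(trace)}")
```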

Pros and cons of reg. expr. Pros: Well-understood. Easy to give formal semantics. Easy to reason about. Cons: Not as expressive as first-order logic. Not as user-friendly as natural languages or commercial rights languages like XrML. Semantics tell us what the symbols in a language mean.

Reasoning about policies For policies written in any language without formal semantics (this includes natural languages like English, XrML, ODRL), reasoning requires a judge. For policies written as regular expressions – reasoning strategy depends on the chosen formal semantics.

Reasoning about policies in first-order logic Can Alice edit the 502 web site? Given: policies p_1, …, p_n (written in FOL) and facts about the world E (e.g. Senior(Alice) ∧ (∀i (Senior(i) => Student(i))) ∧ …), Alice can edit if: E ∧ p_1 ∧ … ∧ p_n => Permitted(Alice, edit 502 site) is valid (i.e. if E and all the policies hold, then Alice may edit the site, regardless of any other policies and facts).
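The validity check above, carried out for one decidable fragment, as an added example that is not from the original slides. It assumes every policy and fact is a universally quantified clause with no function symbols; for that fragment, grounding over the named constants and testing propositional satisfiability decides the question exactly. The constant `Edit502`, the `HasPermission` predicate and the second policy are constructed for illustration.

```python
from itertools import product


def lit(sign, pred, *args):
    """A literal: sign is True for P(...), False for ¬P(...).
    Lower-case arguments are variables, capitalised ones are constants."""
    return (sign, pred, args)


def ground(clauses, constants):
    """Replace every variable by every constant (Herbrand grounding)."""
    out = []
    for clause in clauses:
        names = sorted({a for _, _, args in clause for a in args if a[0].islower()})
        for values in product(constants, repeat=len(names)):
            env = dict(zip(names, values))
            out.append([(s, p, tuple(env.get(a, a) for a in args))
                        for s, p, args in clause])
    return out


def satisfiable(ground_clauses):
    """Brute-force search for a truth assignment satisfying every clause."""
    atoms = sorted({(p, args) for c in ground_clauses for _, p, args in c})
    for bits in product([False, True], repeat=len(atoms)):
        model = dict(zip(atoms, bits))
        if all(any(model[(p, a)] == s for s, p, a in c) for c in ground_clauses):
            return True
    return False


def entails(clauses, constants, goal):
    """E ∧ p_1 ∧ … ∧ p_n => goal is valid iff clauses plus ¬goal are unsatisfiable."""
    sign, pred, args = goal
    return not satisfiable(ground(clauses, constants) + [[(not sign, pred, args)]])


CONSTANTS = ["Alice", "Bob", "Edit502"]
# E: Senior(Alice) and ∀i (Senior(i) => Student(i)), each written as a clause.
FACTS = [[lit(True, "Senior", "Alice")],
         [lit(False, "Senior", "i"), lit(True, "Student", "i")]]
# Policy from the slides: ∀i (Student(i) => ¬Permitted(i, edit website)).
NO_STUDENT_EDITS = [[lit(False, "Student", "i"),
                     lit(False, "Permitted", "i", "Edit502")]]
# Constructed second policy and fact that contradict the first one for Alice.
CONFLICT = [[lit(True, "HasPermission", "Alice")],
            [lit(False, "HasPermission", "i"), lit(True, "Permitted", "i", "Edit502")]]

if __name__ == "__main__":
    base = FACTS + NO_STUDENT_EDITS
    print(entails(base, CONSTANTS, lit(False, "Permitted", "Alice", "Edit502")))
    print(satisfiable(ground(base + CONFLICT, CONSTANTS)))
```

For Bob, about whom E says nothing, neither Permitted nor ¬Permitted is entailed, which is the "regardless of any other policies and facts" condition at work.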

Enforcement There are lots of mechanisms to enforce policies. For an overview, take Prof. Schneider’s CS 513: System Security course or read the course’s notes. One interesting mechanism that is particularly well-suited to digital objects is in-line reference monitors (IRM).

IRM idea Suppose you wanted to write a code fragment A that could only be executed by students. You could write: if (student) {A} But if you did this, then the policy and ‘real code’ are mushed together so it’s hard to see what either is doing and it’s hard to modify either component (e.g. change ‘students’ to ‘students and faculty’). The IRM idea is to write and maintain the policy and code separately. Immediately before execution, the IRM monitor interleaves them.

Conclusion Policies are becoming increasingly complex and the solution in the physical world doesn’t translate to cyberspace. There are a lot of ways to write policies, but none is a clear winner. Need formal semantics if you’re going to reason about and/or enforce policies in a provably correct way. Formal semantics may not be enough to do this. There are a ton of open questions, got research?
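A sketch of the separation described above, as an added example that is not from the original slides. Function wrapping stands in for the program rewriting a real IRM performs, and the names `inline_monitor`, `fragment_a`, `export_grades` and the role-based policy table are hypothetical.

```python
import functools


class PolicyViolation(Exception):
    """Raised by the monitor when the policy does not permit an operation."""


def inline_monitor(operations, policy):
    """Return the operations with a policy check placed before each one.

    `policy` maps operation name -> set of roles allowed to run it. It is
    consulted on every call, so editing the policy changes enforcement
    without touching the application code. Operations the policy does not
    mention are denied.
    """
    def guard(name, func):
        @functools.wraps(func)
        def guarded(principal, *args, **kwargs):
            if principal["role"] not in policy.get(name, set()):
                raise PolicyViolation(f"{principal['role']} may not run {name}")
            return func(principal, *args, **kwargs)
        return guarded
    return {name: guard(name, func) for name, func in operations.items()}


# Application code: no access checks appear here.
def fragment_a(principal):
    return "A ran for " + principal["name"]


def export_grades(principal):
    return "grades exported by " + principal["name"]


def attempt(monitored, name, principal):
    """Run a monitored operation; return its result or the string 'denied'."""
    try:
        return monitored[name](principal)
    except PolicyViolation:
        return "denied"


if __name__ == "__main__":
    policy = {"fragment_a": {"student"}}          # maintained separately
    ops = inline_monitor({"fragment_a": fragment_a,
                          "export_grades": export_grades}, policy)
    alice = {"name": "Alice", "role": "student"}  # constructed principals
    prof = {"name": "Pat", "role": "faculty"}
    print(attempt(ops, "fragment_a", alice), "|", attempt(ops, "fragment_a", prof))
    policy["fragment_a"] = {"student", "faculty"}  # policy edit only
    print(attempt(ops, "fragment_a", prof), "|", attempt(ops, "export_grades", prof))
```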