1 Web Policy Zeitgeist Kent Seamons Internet Security Research Lab Brigham Young University Panel Presentation The Semantic Web and Policy Workshop (SWPW)
1 Web Policy Zeitgeist
Kent Seamons, Internet Security Research Lab, Brigham Young University
Panel Presentation, The Semantic Web and Policy Workshop (SWPW), Galway, Ireland, November 7, 2005

2 Zeitgeist
"the spirit (Geist) of the time (Zeit)"
- Some writers and artists assert that the true zeitgeist of an era cannot be known until it is over
- "Opinions that deviate from the ruling zeitgeist always aggravate the crowd" (Germaine de Staël)

3 Outline
- Policies must be ?
- Opinions based on my experience
- The future of Policy Zeitgeist
- A challenge to the policy community

4 My Background
- Applied research – industry and academia
- Database Systems – my roots
- Security in Open Systems – trust negotiation – current research

5 Security in Open Systems
- Closed system: the world of passwords and tokens, identity-based
- Open system: authentication with unknown entities (strangers), attribute-based
- Example: credit cards – nearly universal trust for financial authentication

6 Trust Negotiation
- Iterative exchange of credentials based on policy requirements
- Goals
  - Automated – little or no user intervention
  - Open – previously unknown parties may authenticate

7 Trust Negotiation Example
[Diagram: Fred the Fire Chief negotiating with the City of "Far Away" Server for access to Info]
- Step 1: Fred requests information from Server
- Step 2: Server returns access control policy for the info
- Step 3: Fred discloses his access control policy
- Step 4: Server discloses his Server credential
- Step 5: Fred discloses his Fire Chief credential
- Step 6: Server grants access to the information
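The six-step exchange above, as an added worked example (constructed here; it is not TrustBuilder code or code from the presentation): each party holds credentials and a policy mapping every protected item to the credential kinds the peer must show first. Parties alternate turns, and a turn that produces nothing new ends the negotiation. The issuer names, the `CityServer` credential kind and the `negotiate`/`fire_chief_scenario` helpers are assumptions. The example goes one step beyond the slide: it also detects the deadlock that arises when each side's credential is gated on the other's.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Credential:
    kind: str      # attribute asserted, e.g. "FireChief"
    holder: str
    issuer: str    # constructed issuer label; this toy performs no signature check


@dataclass
class Party:
    name: str
    credentials: dict                 # kind -> Credential this party holds
    policies: dict                    # protected item -> set of credential kinds the peer must show
    received: set = field(default_factory=set)            # kinds the peer has disclosed to us
    disclosed_policies: set = field(default_factory=set)  # items whose policy we already revealed

    def unmet(self, item):
        """Credential kinds still required before `item` may be released."""
        return self.policies.get(item, set()) - self.received


def negotiate(client, server, resource, max_rounds=10):
    """Iterative credential exchange driven by both parties' policies.

    Returns (granted, transcript). On each turn a party answers every outstanding
    request either by disclosing the item (its policy is satisfied) or by disclosing
    the governing policy and asking the peer for what is missing. A turn that
    produces no new disclosure or request ends the negotiation as a failure.
    """
    transcript = [f"{client.name} requests '{resource}' from {server.name}"]
    asks = {client.name: [], server.name: [resource]}   # items each party has been asked for
    turn, other = server, client
    for _ in range(max_rounds):
        progressed = False
        for item in list(asks[turn.name]):
            missing = turn.unmet(item)
            if not missing:
                asks[turn.name].remove(item)
                progressed = True
                if item == resource:
                    transcript.append(f"{turn.name} grants access to '{resource}'")
                    return True, transcript
                cred = turn.credentials[item]
                other.received.add(cred.kind)
                transcript.append(f"{turn.name} discloses {cred.kind} credential issued by {cred.issuer}")
                continue
            if item not in turn.disclosed_policies:
                turn.disclosed_policies.add(item)
                progressed = True
                transcript.append(f"{turn.name} discloses policy: '{item}' requires {sorted(missing)}")
            for kind in sorted(missing):
                if kind not in other.credentials:
                    transcript.append(f"{other.name} holds no {kind} credential; negotiation fails")
                    return False, transcript
                if kind not in asks[other.name]:
                    asks[other.name].append(kind)
                    progressed = True
        if not progressed:
            transcript.append(f"{turn.name} cannot make progress; negotiation fails")
            return False, transcript
        turn, other = other, turn
    transcript.append("round limit reached; negotiation fails")
    return False, transcript


def fire_chief_scenario(server_credential_policy=None):
    """The slide's scenario. `server_credential_policy` optionally gates the server's
    own credential (e.g. on FireChief), which produces a deadlock instead of a grant."""
    fred = Party(
        name="Fred the Fire Chief",
        credentials={"FireChief": Credential("FireChief", "Fred", "StateFireMarshal")},
        policies={"FireChief": {"CityServer"}},   # release only to a proven city server
    )
    server_policies = {"info": {"FireChief"}}
    if server_credential_policy:
        server_policies["CityServer"] = set(server_credential_policy)
    city = Party(
        name="City of Far Away",
        credentials={"CityServer": Credential("CityServer", "City of Far Away", "County")},
        policies=server_policies,
    )
    return negotiate(fred, city, "info")


if __name__ == "__main__":
    granted, steps = fire_chief_scenario()
    for n, line in enumerate(steps, 1):
        print(f"Step {n}: {line}")
    print("granted" if granted else "denied")
```

The successful run reproduces the slide's six steps in order: request, server policy, Fred's policy, server credential, Fire Chief credential, grant. A real deployment would verify each disclosed credential's signature against a trusted issuer before adding it to `received`; the toy skips that step.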

8 Trust Negotiation Policies
- Attribute-based policies for authentication and authorization in open systems
  - Part of a much broader notion of policy
- Areas of emphasis (A policy must be ...)
  - Policies are declarative
  - Easy to use
    - Too often, only the PhD student that designed a policy language or framework can use it effectively
  - Flexible / adaptive depending on context
    - TrustBuilder / GAA-API integration
    - RESCUE project – emergency response
    - Context-sensitive trust negotiation – policies that play fair
    - Hidden credentials – protect sensitive policies

9 GAA-API/TrustBuilder
- GAA-API – provides fine-grained access control and application-level intrusion detection capabilities to applications through a simple API
- TrustBuilder – trust negotiation framework
- Integration combines the best of both systems
  - Detection and thwarting of attacks on electronic business transactions
  - Adaptation of information disclosure and resource access policies according to a suspicion level
  - Support of cost-effective trust negotiation, such that TrustBuilder is invoked only when negotiation is required by access control policies
- Ryutov, Zhou, Neuman, Leithead, Seamons. Adaptive Trust Negotiation and Access Control, SACMAT 2005
- Ryutov, Zhou, Neuman, Foukia, Leithead, Seamons. Adaptive Trust Negotiation and Access Control for Grids, GRID 2005

10 TrustBuilder / GAA-API Integration

11 RESCUE Project
- The goal of the RESCUE project is to radically transform the ability of responding organizations to gather, manage, use, and disseminate information within emergency response networks and to the general public
- We will design a policy-driven information sharing architecture
  - Flexible, customizable, dynamic, robust, scalable, policy-driven, highly automated
  - Policies must support rapid adaptation in the face of unexpected events
- Funded by the National Science Foundation
- Participant universities: BYU, Colorado, Maryland, UCI, UCSD, UIUC. Industrial partner: ImageCat

12 Context Sensitive Trust Negotiation
- Problem: phishing attacks
- Solution: release credentials based on context – "need to know"
- Approach: create an ontology to represent a negotiation type to describe relevant credentials
  - Identify policy errors and malicious phishing attacks
- Benefits
  - Greater protection
  - Identify policy errors
  - Efficiency – push relevant credentials
- Leithead, Challenging Policies that Do Not "Play Fair", MS Thesis, BYU, August 2005

13 Hidden Credentials
- Hidden credentials encrypt a message so that the recipient can read it iff he has the required credentials
  - Credentials can be used without disclosing them
  - Sensitive policies – policy can be hidden
[Diagram labels: SECRET Clearance, FBI Agent, US Army; Share 1, Share 2; (symmetric encryption), (IBE Encryption)]
- Bradshaw, Holt, Seamons, Concealing Complex Policies with Hidden Credentials, CCS 2004
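A worked illustration of the share structure the diagram labels suggest, added here and not taken from the CCS 2004 paper or the presentation: AND splits the message into XOR shares, one per branch; OR protects the same share under each alternative; each leaf is sealed under a key that only holders of that credential are assumed to possess. The IBE step is replaced by a hash-derived per-attribute key (`credential_key`, with a constructed issuer secret) and the symmetric cipher by a hash-keystream XOR, both stand-ins for real primitives; the policy `SECRET Clearance AND (FBI Agent OR US Army)` is an assumption read from the diagram labels, and the sample message is constructed.

```python
import hashlib
import hmac
import os
from functools import reduce

ISSUER_SECRET = b"hypothetical-issuer-master-secret"   # stand-in for an IBE master key


def credential_key(attribute: str) -> bytes:
    """Stand-in for an IBE private key for `attribute`: assumed known only to holders."""
    return hashlib.sha256(ISSUER_SECRET + attribute.encode()).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a hash-derived keystream (decrypts with the same call)."""
    return xor_bytes(data, keystream(key, len(data)))


def hide(secret: bytes, policy):
    """Encode `secret` under a policy tree.

    Leaves are attribute names and are never written into the output, so a recipient
    learns which credential opened a leaf only by holding it. AND splits the secret into
    XOR shares, one per child; OR encodes the same secret under every child.
    """
    if isinstance(policy, str):
        key = credential_key(policy)
        ct = seal(key, secret)
        tag = hmac.new(key, ct, hashlib.sha256).digest()   # lets a holder recognise success
        return ("LEAF", ct, tag)
    op, children = policy
    if op == "OR":
        return ("OR", [hide(secret, c) for c in children])
    if op == "AND":
        shares = [os.urandom(len(secret)) for _ in children[:-1]]
        shares.append(reduce(xor_bytes, shares, secret))   # last share makes the XOR equal secret
        return ("AND", [hide(s, c) for s, c in zip(shares, children)])
    raise ValueError(f"unknown policy operator {op!r}")


def recover(node, held_keys):
    """Recipient side: returns the secret, or None if the held credentials do not satisfy the policy."""
    if node[0] == "LEAF":
        _, ct, tag = node
        for key in held_keys:
            if hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
                return seal(key, ct)
        return None
    op, children = node
    if op == "OR":
        for child in children:
            s = recover(child, held_keys)
            if s is not None:
                return s
        return None
    shares = [recover(child, held_keys) for child in children]
    if any(s is None for s in shares):
        return None
    return reduce(xor_bytes, shares)


def demo():
    """Policy assumed from the diagram: SECRET Clearance AND (FBI Agent OR US Army)."""
    policy = ("AND", ["SECRET Clearance", ("OR", ["FBI Agent", "US Army"])])
    secret = b"constructed sample message"
    hidden = hide(secret, policy)

    def keys(*attrs):
        return [credential_key(a) for a in attrs]

    return {
        "clearance+army": recover(hidden, keys("SECRET Clearance", "US Army")),
        "clearance+fbi": recover(hidden, keys("SECRET Clearance", "FBI Agent")),
        "fbi+army": recover(hidden, keys("FBI Agent", "US Army")),
        "clearance only": recover(hidden, keys("SECRET Clearance")),
    }


if __name__ == "__main__":
    for holder, result in demo().items():
        print(holder, "->", result)
```

Only the two credential sets that satisfy the policy recover the message; the others get `None` without learning which attribute a leaf required. The toy does reveal the AND/OR shape of the tree in its ciphertext layout, which is one of the things the paper's construction is concerned with concealing; it is meant to show the share logic, not the cryptographic guarantees.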

14 Policy Zeitgeist Summary
- Policies must be declarative
- Policies must be flexible
- Policies must be easy to configure
- Policies must be context sensitive
- Policies must adapt to unexpected change
- Policies must be easy to diagnose when failure occurs
- Policy visibility must be tunable

15 Future Policy Zeitgeist
- We must bridge the gap between industry/government needs and academic research
  - As an academic, too often I fabricate toy problems in the lab using my imagination
  - The research process needs more real-world input
  - My research colleagues and I are taking steps to resolve this
    - RESCUE project, for instance
- Challenge
  - The policy community must build and maintain a knowledge base to guide the design, development, and analysis of policy-based information systems
  - I envision something patterned after successful efforts I have observed in the database, parallel computing, and networking fields

16 Policy Knowledge Base
- What will it contain?
  - Requirements suite
  - Ontology of policy types
  - Solutions
    - Frameworks
    - Languages
    - Standards
  - Lessons learned
    - Examples of broken systems
    - Failed approaches
  - Benchmarks
    - Policy language bake-offs
    - Grand challenge applications
- Who will contribute? Government, Industry, Academia
  - Key sectors: Finance, Health care, Public safety
- Who will benefit? Users, Vendors, Researchers
- How to evaluate? Ease of use, Expressiveness, Performance, Scalability, Semantics

17 Policy Knowledge Base – Issues
- Policy-based information systems center
  - Too big for a single organization?
- Who will fund?
  - Will government fund this?
  - Industry consortium?
- Who should lead the effort?
  - Organizing this effort probably won't lead to tenure