Presentation is loading. Please wait.

Presentation is loading. Please wait.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Semantic Web Policy Systems Presented By: John Paul Dunning Usable Security – CS.

Published byQuentin Morgan Modified over 8 years ago

Similar presentations

Presentation on theme: "Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Semantic Web Policy Systems Presented By: John Paul Dunning Usable Security – CS."— Presentation transcript:

1 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Semantic Web Policy Systems Presented By: John Paul Dunning Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

2 Semantic Web Policy Systems “A meta-control architecture for orchestrating policy enforcement across heterogeneous information sources” Jinghai Rao, Alberto Sardinha, Norman Sadeh Carnegie Mellon University Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

3 Overview Context-sensitive security and privacy policies Decentralized trust management Challenges include:  sources of information vary from one principal to another  sources of information may vary over time  sources of information may not be known ahead of time Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

4 Contributions of Paper “Development of a semantic web framework and a meta-control model for opportunistically interleaving policy reasoning and web service discovery to enforce context-sensitive policies” Extension of XACML ontology Language independent system

5 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech XACML “XACML is an initiative to develop a standard for access control and authorization systems... XACML aims to achieve the following:  Create a portable and standard way of describing access control entities and their attributes.  Provide a mechanism that offers much finer granular access control than simply denying or granting access -- that is, a mechanism that can enforce some before and after actions along with "permit" or "deny" permission.” http://www.ibm.com/developerworks/xml/library/x-xacml/

6 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Information Disclosure Agent (IDA) Policy Enforcement Agent (PEA) Controls access to information and service access through policies Uses policy enforcement  Control policies  Obfuscation policies

7 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Information Disclosure Agent (IDA) Interact across various networks Encrypted traffic Language Independent (with interpreter)‏

8 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Information Disclosure Agent (IDA)

9 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Meta-Controller Monitors progress and determines the next step Cycle Meta-Control Housekeeping Module Modules complete tasks

10 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Meta-Controller Query status information includes:  A query status ID  Status predicates  A query ID and query element ID  A parent query status ID  A time stamp

11 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Meta-Controller

12 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

13 Policy Reasoner Evaluating relevant policies Return policy decisions Modules:  Query Decomposition Module  Access Control Module  Obfuscation Module

14 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Information Collector Gathering facts Modules:  Local Information Reasoner  Service Discovery Module  Service Invocation Module  User Interface

15 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Service Discovery and Invocation IDAs are constantly sending queries and results back and forth Multiple queries between IDAs Node deadlock is possible and avoidable  Time outs  Query dependency graphs

16 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Example Scenario Bob is an employee of SATElectronics Corporation Bob contracts to United GenSat Bob wants the schedule for deployment of SAT 777 from United GenSat, which is a product he has been working on.

17 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Example Scenario

18 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Beyond Access Control Policies

19 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Q&A How easy are the policies to create/update/delete? What is the overhead of this system VS a standard form of authentication?

Download ppt "Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Semantic Web Policy Systems Presented By: John Paul Dunning Usable Security – CS."

Similar presentations

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)
Norman Sadeh – Carnegie Mellon University – DAML PI Meeting- Feb. 13, 2002 DAML PI Meeting Status Briefing A Semantic Web Environment for Mobile Context-Aware.

Norman Sadeh – Carnegie Mellon University – DAML PI Meeting- Feb. 13, 2002 DAML PI Meeting Status Briefing A Semantic Web Environment for Mobile Context-Aware.
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
1 Authorization XACML – a language for expressing policies and rules.

1 Authorization XACML – a language for expressing policies and rules.
Administrative Policies in XACML Erik Rissanen Swedish Institute of Computer Science.

Administrative Policies in XACML Erik Rissanen Swedish Institute of Computer Science.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy and Trust Frameworks/Systems Presented by Zalia Shams Usable Security –

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy and Trust Frameworks/Systems Presented by Zalia Shams Usable Security –
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
New Challenges for Access Control April 27, 2005 1 Improving Usability and Expressiveness with Dynamic Policies and Obligations Dennis Kafura Markus Lorch.

New Challenges for Access Control April 27, Improving Usability and Expressiveness with Dynamic Policies and Obligations Dennis Kafura Markus Lorch.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.

Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.
Copyright ©2001-2004 Norman Sadeh Semantic Web Technologies to Reconcile Privacy and Context Awareness Norman M. Sadeh ISRI- School of Computer Science.

Copyright © Norman Sadeh Semantic Web Technologies to Reconcile Privacy and Context Awareness Norman M. Sadeh ISRI- School of Computer Science.
Web Service Architecture Part I- Overview and Models (based on W3C Working Group Note Frank.

Web Service Architecture Part I- Overview and Models (based on W3C Working Group Note Frank.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Preferences Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Preferences Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis.
Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.

Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.
XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.

XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.
● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.
Module 12: Designing an AD LDS Implementation. AD LDS Usage AD LDS is most commonly used as a solution to the following requirements: Providing an LDAP-based.

Module 12: Designing an AD LDS Implementation. AD LDS Usage AD LDS is most commonly used as a solution to the following requirements: Providing an LDAP-based.
Agent-based Device Management in RFID Middleware Author : Zehao Liu, Fagui Liu, Kai Lin Reporter :郭瓊雯.

Agent-based Device Management in RFID Middleware Author : Zehao Liu, Fagui Liu, Kai Lin Reporter :郭瓊雯.

Similar presentations

Ads by Google