Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policies for Autonomy in Open Distributed Systems

Published byBrianna Quinn Modified over 6 years ago

Similar presentations

Presentation on theme: "Policies for Autonomy in Open Distributed Systems"— Presentation transcript:

1 Policies for Autonomy in Open Distributed Systems
Mark Cornwell (GITI) James Just (GITI) Lalana Kagal (UMBC) Tim Finin (UMBC, GITI) Mike Huhns (USC, GITI) Policies for Autonomy in Open Distributed Systems This work was partially funded by Defense Advanced Research Project Agency under contract N C The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of the Defense Advanced Research Project Agency or the U.S. Government.

2 Are policies a panacea?

3 Are policies a panacea? no

4 IMHO There are no panaceas

5 IMHO Except, maybe,

6 the semantic web IMHO* *Disclaimer: this is MHO when
I’m in one of my expansive moods.

7 Summary Declarative policies are useful for constraining autonomous behavior in open, distributed systems This enables more autonomy The Rei policy language and associate tools have provided a good base Semantic web languages (e.g., OWL) used, grounding descriptions in sharable, semantically rich, machine understandable ontologies We’re evaluating and exploring the utility of policies through prototype applications In one, Topsail, policies guide agents to help form, operate and maintain teams of people.

8 Policies for Autonomy Policies are rules of optimal behavior
Optimal? Policies are normative and describe what should be done in an ideal world. Policies provide high-level control of entities in the environment Entities? These can be programs, services, agents, devices and people Using policies reduces the need to modify code in order to change systems’ behavior So? We assume modifying policies will be easier than modifying Java.

9 Our Approach Declarative policies guide the behavior of entities in open, distributed environments Positive and negative authorizations & obligations Focused on domain actions Policies are based on attributes of the action (and its actor and target) and the general context – not just on their identity of the actor Policies are applied at different levels From OS and networking to applications

10 Our Approach Developed several versions of Rei, a policy specification language, encoded in (1) Prolog, (2) RDFS, (3) OWL Used to model different kinds of policies Authorization for services Privacy in pervasive computing and the web Conversations between agents Team formation, collaboration and maintenance Policies and attributes described in the web ontology language OWL

11 Rei Policy Language Rei is a declarative policy language for describing policies over actions Reasons over domain dependent information Currently represented in OWL + logical variables Based on deontic concepts Permission, Prohibition, Obligation, Dispensation Models speech acts Delegation, Revocation, Request, Cancel Meta policies Priority, modality preference Policy tools Reasoner, IDE for Rei policies (Eclipse), …

12 Rei Specifications (partial)

13 Applications – past, present & future
Coordinating access in supply chain management system Authorization policies in a pervasive computing environment Policies for team formation, collaboration, information flow in multi-agent systems Security in semantic web services Privacy and trust on the Internet Privacy in a pervasive computing environment 1999 2002 2003 … 2004 …

14 pervasive computing

15 Authorization policies in pervasive computing environments
Should I allow this access ? Should I trust this service ?

16 Problems Highly distributed, open and dynamic
Users and resources are neither pre-determined nor permanent No central repository or control

17 Authorization policies
Every entity describes its own authorization policy that defines security requirements for its access E.g.. The grad fax machine states that only UMBC graduate students can send faxes No central policy or control Authorization is formulated as verifying that the credentials of the requesting user meet the requirements of the requested object

18 Meeting Room Example Client’s Meeting Room
What are your beliefs about John John wants to use the printer in the meeting room (John Requests to use printer) Signed with private key + credential from John’s office saying he is a consultant John, Consultant Printer’s Security Policy Only attendees of the meeting can use the printer Accept the organizer’s beliefs about attendees

19 Meeting Room Example Client’s Meeting Room
OK I believe John is an attendee John wants to use the printer in the meeting room (John Requests to use printer) Signed with private key + credential from John’s office saying he is a consultant John, Consultant Printer’s Security Policy Only attendees of the meeting can use the printer Accept the organizer’s beliefs about attendees

20 Delegation Example Certificate Controller Security Agent
What rights does a guest have ? Has anyone delegated some rights to John/guest ? If there is a delegation, was it by someone who had the right to delegate ? Is the delegation still valid ? Access Rights Security Agent Service Manager Communication Manager Role Assignment Coffee Maker, FAX Delegate FAX to John List of Services Request permission to access FAX Printer John (Visitor) FAX Coffee machine Susan (Manager) has(Person, right(delegate(right(use-fax,[])), [role(Person, abc, manager)])) Simplified Rule for delegation : has(Person, Right) :- delegate(From, Person, Right), has(From, right(delegate(Right))).

21 human collaboration

22 Enhancing collaboration in human teams
Objective: facilitate collaboration in inter-agency teams Scenario: collaboration on an inter-agency team formed in face of a crisis Approach: augment conventional collaboration tools (Groove, , workflow) with agents to assist in team formation, team maintenance, information flow, workflow, … Lead: Global Infotek Inc. for DoD

23 Motivation and Problems
Motivation: Technology to increase collaboration effectiveness Large amount of flexibility required Heterogeneous entities and networks Each agency has its own policy Teams have their own policy and priority Possibility of policy conflict is high

24 Research components Enhancing conventional collaboration tools with software agents Exploring the use of declarative policies to constrain and guide system components Using social network analysis to model and understand human team structure and roles Acquiring user and team models automatically by instrumenting coordination tools (e.g., groove, ) and employing ‘smart badges’

25 Example: Team Support A team is characterized by Actions involved
Crisis type Defines the skill set required for the team members, the number of team members required, etc. Length of activity Priority Actions involved Team Formation Collaboration support Information flow monitoring and control Workflow monitoring and management

26 Agent enhanced collaboration tools
Collaboration Facilitation Mission or Session Purpose Status Workflow & Completion Estimator Priority & Schedule Policies Agents for Facilitation Agents for Facilitation Governance Expertise Workload Preferences Prior Interactions A A A A Intelligent Collaboration Facilitation Template A A A A Resources A Resources Resources A A Agents for Policy Management Agents for Behavior & Social Network Analysis

27 Role of policies in Team Formation
Includes finding leader and choosing members Policy constrains who can be a team leader in terms of attributes of leader (experience, technical skills, ...) and team (e.g., objective, size, budget, length, …) Modeled as negative and positive authorization policies Eg: CIA staff with >5 years of experience and biowarfare knowledge are permitted to form a team of length of 6 months to deal with a crisis involving bioweapons Team members are specified in the same way Policy constrains that sets of individuals that are a valid team via permissions and prohibitions Leader queries policy management system for help in assembling a valid team and subsequent changes (e.g., replacing a member)

28 Role of Policies in Collaboration
This involves several tasks that a team member must do including reporting These tasks are modeled as obligations on the team member All team members of team T must send weekly reports to the team leader The workflow component of the agent reasons over these obligations while deciding what to do next

29 Role of Policies in Information Flow
Constrain information exchangeable by team members based on importance, team priority, agencies involved, etc. These are modeled as permissions and prohibitions, e.g.: Members of CIA and FBI are prohibitted from exchanging information about X Members of CIA and FBI are permitted to exchange information about X if they are on the same high-priority team that deals with X. A metapolicy rule that team policy dominates agency policy resolves the conflict when a CIA member wants to send information about X to an FBI member.

30 Discovering social networks
We’re working on discovering a team’s social network structure using several techniques Custom smart badges record degree of face-to-face interactions between team members. Instrumentation of coordination tools (e.g., Outlook) record degree and quality of computer mediated interactions v1 & v2 use IR to detect f2f neighbors. Designed to be low power and inexpensive (~$10) v3, prototyped on PDAs, also detect user’s talking Correlating badge info yields conversational model

31 Social Network Perspective
The reach of an individual or team in an organization is constrained by personal influence, local networks and stovepipes. It constrains and limits the impact of collaborative problem solving. Untended or ignored networks may cut a swath through organizational silos to subsume, submerge and even redirect attempts to achieve innovation or change. Actively monitoring and nurturing network growth is critical.

32 DNA of Social Networks Tending the social network
Analyzing the network Social network analysis can identify individual’s roles as Hubs Gatekeepers Pulsetakers and recommend the need to introduce new ones. Tending the social network Add appropriate people to team based on their models (e.g., foaf, MBTI) or software agents can fill the gap

33 selecting web services

34 Security and Trust for Semantic Web Services
Semantic web services are web services described using OWL-S Policy-based security infrastructure Why policies ? Expressive -- can be over descriptions of Requester, Service, and Context Authorization Rules for access control Privacy Rules for protecting information Confidentiality Cryptographic characteristics of information exchanged Policies + Semantic Web Services

35 Example policies Authorization Privacy/Confidentiality
Policy 1: Stock service not accessible after market closes Policy 2: Only LAIT lab members who are Ph.D. students can use the LAIT lab laser printer Privacy/Confidentiality Policy 3: Do not disclose my my SSN Policy 4: Do not disclose my home address or facts from which it could be easily discovered Policy 5: Do not use a service that doesn’t encrypt all input/output Policy 6: Use only those services that required an SSN if it is encrypted Privacy policies and confidentiality policies are very closely related. We currently view privacy policies as restrictions over the input and output of web services. For example, a requester may not want to use a service that asks for his SSN . A more interesting example is when a requester does not want his telephone number to be disclosed. In this case, the reasoner should be able to figure out that given the name and address it is possible to find the user’s telephone number. So the reasoner should restrict access to those services that use the name and address as well as those that use the telephone number directly. This is part of our future work. Confidentiality policies describe the cryptographic protocols required for the input and output of the service.

36 Example Mary is looking for a reservation service
foaf description Confidentiality policy BravoAir is a reservation service OWL-S description Authorization policy Only users belonging to the same project as John can access the service

37 Mary <!-- Mary's FOAF description -->
<foaf:Person rdf:ID="mary"> <foaf:name>Mary Smith</foaf:name> <foaf:title>Ms</foaf:title> <foaf:firstName>Mary</foaf:firstName> <foaf:surname>Smith</foaf:surname> <foaf:homepage rdf:resource=" <foaf:currentProject rdf:resource=" "/> <sws:policyEnforced rdf:resource="&mary;ConfidentalityPolicy"/> </foaf:Person> </rdf:RDF>

38 Bravo Policy <entity:Variable rdf:about="&bravo-policy;var1"/> <entity:Variable rdf:about="&bravo-policy;var2"/> <constraint:SimpleConstraint rdf:about="&bravo-policy;GetJohnProject" constraint:subject="&john;John" constraint:predicate="&foaf;currentProject" constraint:object="&bravo-policy;var2"/> rdf:about="&bravo-policy;SameProjectAsJohn" constraint:subject="&bravo-policy;var1" <!-- constraints combined --> <constraint:And rdf:about="&bravo-policy;AndCondition1" constraint:first="&bravo-policy;GetJohnProject" constraint:second="&bravo-policy;SameProjectAsJohn"/> <deontic:Right rdf:about="&bravo-policy;AccessRight"> <deontic:actor rdf:resource="&bravo-policy;var1"/> <deontic:action rdf:resource="&bravo-service;BravoAir_ReservationAgent"/> <deontic:constraint rdf:resource="&bravo-policy;AndCondition1"/> </deontic:Right> ……… <rdf:Description rdf:about="&bravo-service;BravoAir_ReservationAgent"> <sws:policyEnforced rdf:resource="&bravo-policy;AuthPolicy"/> </rdf:Description>

39 How it works BravoAir Web service Mary Matchmaker + Reasoner
URL to foaf desc + query request <sws:policyEnforced rdf:resource = "&bravo-policy;AuthPolicy"/> Matchmaker + Reasoner Bravo Service OWL-S Desc

40 How it works BravoAir Web service Mary
Mary’s query = Bravo Service ? YES Extract Bravo’s policy <deontic:Right rdf:about="&bravo-policy;AccessRight"> <deontic:actor rdf:resource="&bravo-policy;var1"/> <deontic:action rdf:resource="&bravo-service;BravoAir_ReservationAgent"/> <deontic:constraint rdf:resource="&bravo-policy;AndCondition1"/> </deontic:Right> <policy:Granting rdf:about="&bravo-policy;AuthGranting"> <policy:to rdf:resource="&bravo-policy;var1"/> <policy:deontic rdf:resource="&bravo-policy;AccessRight"/> </policy:Granting> <sws:AuthorizationPolicy rdf:about="&bravo-policy;AuthPolicy"> <policy:grants rdf:resource="&bravo-policy;AuthGranting"/> </sws:AuthorizationPolicy> <rdf:Description rdf:about="&bravo-service;BravoAir_ReservationAgent"> <sws:policyEnforced rdf:resource="&bravo-policy;AuthPolicy"/> </rdf:Description> Does Mary meets Bravo’s policy ? <constraint:SimpleConstraint rdf:about = "&bravo-policy;GetJohnProject” constraint:subject="&john;John" constraint:predicate="&foaf;currentProject" constraint:object="&bravo-policy;var2"/> var2 = Authorization enforcement complete BravoAir Web service Mary <foaf:currentProject rdf:resource = " <constraint:SimpleConstraint rdf:about="&bravo-policy;SameProjectAsJohn" constraint:subject="&bravo-policy;var1" constraint:predicate="&foaf;currentProject" constraint:object="&bravo-policy;var2"/> Is the constraint true when var2 = var1 = The matchmaker first finds all those web services that match Mary’s functional description. In this case, it is only Bravo Service. The matchmaker then extracts Bravo’s authorization policy. It reasons over the authorization policy and Mary’s description to verify that the policy is met. As Mary is in the same project as John, she meets the constraints of the policy. After this the matchmaker reasons over Mary’s policy in a similar fashion.

41 Status Policy compliance checking algorithms are implemented
Ontologies for describing cryptographic characteristics of data Integration with OWL-S Matchmaker is part of our ongoing work

42 privacy on the web

43 Privacy and Trust on the Internet
Current state of the art: Server’s privacy practices described and published using P3P, a W3C standard Clients specify a privacy policy using any of several systems, e.g., APPEL, a W3C standard used to describe client’s privacy preferences Browser plugin (perhaps using a proxy) alert or prevent users from visiting sites violating their privacy policy. Problems Neither P3P nor APPEL is very expressive Not extensible Client side preferences only enforced when website has a P3P policy, which almost none have

44 Our Approach Convert P3P into RDF (if not already in RDF)
Model trust for website based on various attributes Use Rei to describe client-side privacy preferences over P3P specs Trust and other attributes of websites Context of client

45 Our Approach Make assertion about sites
Look for text policies and endorsement (e.g., by truste) Google ranks etc

46 Example Don’t access a site that collects clickstream data unless I’m using my office workstation. Assume a site collects clickstream data unless there is trusted evidence that it does not.

47 summary

48 Summary redux Declarative policies are useful for constraining autonomous behavior in open, distributed systems This enables more autonomy The Rei policy language and associate tools have provided a good base Semantic web languages (e.g., OWL) used, grounding descriptions in sharable, semantically rich, machine understandable ontologies We’re evaluating and exploring the utility of policies through prototype applications In one, Topsail, policies guide agents to help form, operate and maintain teams of people.

49 For more information

50 backup

51 Related Research WS-* Policy Languages
Lack of semantic expressiveness and reasoning capabilities Most approaches are based on XML. E.G., XML signature/encryption, WS-security, SAML. Restricted extensibility Possible solution is ontological approach Policy Languages XACML : OASIS eXtensible Access Control Markup Language EPAL : IBM Enterprise Privacy Authorization Language Ponder KeyNote KAoS : Knowledgeable Agent-oriented System

Download ppt "Policies for Autonomy in Open Distributed Systems"

Similar presentations

ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
Policy Description & Enforcement Languages Anis Yousefi

Policy Description & Enforcement Languages Anis Yousefi
SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.

SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.

Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.
S.R.F.E.R.S. State, Regional, and Federal Enterprise Retrieval System Inter-Agency & Inter-State Integration Using GJXML.

S.R.F.E.R.S. State, Regional, and Federal Enterprise Retrieval System Inter-Agency & Inter-State Integration Using GJXML.
1 of 30 Declarative Policies for Describing Web Service Capabilities and Constraints Lalana Kagal Tim Finin Anupam Joshi University of Maryland Baltimore.

1 of 30 Declarative Policies for Describing Web Service Capabilities and Constraints Lalana Kagal Tim Finin Anupam Joshi University of Maryland Baltimore.
An Intelligent Broker Architecture for Context-Aware Systems A PhD. Dissertation Proposal in Computer Science at the University of Maryland Baltimore County.

An Intelligent Broker Architecture for Context-Aware Systems A PhD. Dissertation Proposal in Computer Science at the University of Maryland Baltimore County.
Katanosh Morovat.   This concept is a formal approach for identifying the rules that encapsulate the structure, constraint, and control of the operation.

Katanosh Morovat.   This concept is a formal approach for identifying the rules that encapsulate the structure, constraint, and control of the operation.
Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.

Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.
Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005.

Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005.
Intelligent Agents Meet the Semantic Web in Smart Spaces Harry Chen,Tim Finin, Anupam Joshi, and Lalana Kagal University of Maryland, Baltimore County.

Intelligent Agents Meet the Semantic Web in Smart Spaces Harry Chen,Tim Finin, Anupam Joshi, and Lalana Kagal University of Maryland, Baltimore County.
European Network of Excellence in AI Planning Intelligent Planning & Scheduling An Innovative Software Technology Susanne Biundo.

European Network of Excellence in AI Planning Intelligent Planning & Scheduling An Innovative Software Technology Susanne Biundo.
Deploying Trust Policies on the Semantic Web Brian Matthews and Theo Dimitrakos.

Deploying Trust Policies on the Semantic Web Brian Matthews and Theo Dimitrakos.
© 2007 Tom Beckman Features:  Are autonomous software entities that act as a user’s assistant to perform discrete tasks, simplifying or completely automating.

© 2007 Tom Beckman Features:  Are autonomous software entities that act as a user’s assistant to perform discrete tasks, simplifying or completely automating.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Agent Model for Interaction with Semantic Web Services Ivo Mihailovic.

Agent Model for Interaction with Semantic Web Services Ivo Mihailovic.
Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.

Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.

Similar presentations

Ads by Google