
AT2AI-4 Fourth International Symposium "From Agent Theory to Agent Implementation" An Ontological Approach to Harmonising Security Models for Open Services.


1 AT2AI-4 Fourth International Symposium "From Agent Theory to Agent Implementation"
An Ontological Approach to Harmonising Security Models for Open Services
Juan Jim Tan (Presenter), Stefan Poslad, Leonid Titkov
{ juanjim.tan, stefan.poslad, leonid.titkov

2 Presentation Outline
- Background & Motivation
- Related Work and its Limitations
- Holistic Security Ontology Model
  - Conceptual & Service Description Layers
  - Policy & Application Layers
- Critical Analysis
  - Evaluation of Conceptual Framework
  - Evaluation of Reasoning Model Performance
- Conclusion and Future Work

3 Background
Security concerns of open societies:
- More vulnerabilities
- Insider attacks
- Balancing the benefits of open trading vs. closed-system security
- Increasingly ubiquitous infrastructure, e.g., the Semantic Web:
  - Many open heterogeneous services
  - Services communicating and interoperating
  - Service composition
  - Virtual enterprise / virtual organisation
Security models for open societies:
- Different application models, community self-policing
- These complement conventional e-Business security for payment, protection of systems, etc.

4 Motivation
- Plethora of security standards consortia
- Difficult to agree on a single standard
- Each standard has its own limitations
- Security capabilities are unstructured
- Different islands of security implementations
- Lack of an explicit method
- No common terminology for stakeholders
- Abstraction permits propagation of low-level faults to other parts of the system
- Difficult to propagate low-level faults in one part of the system to another part at a high enough level of abstraction to make decisions about the cause and effect of multiple heterogeneous low-level faults

5 Objectives
"Describe how distributed security issues can be approached in Open Multi-Agent Multi-Domain (MAMD) Environments in which applications can dynamically interoperate securely"
"A holistic framework capturing stakeholders and security information within open service environments using Dynamic Reconfiguration without affecting underlying implementations"

6 Research Contributions
Holistic, Abstract and Explicit Framework for Securing Open Services: V-SAT
- Conceptual Model – Upper Ontology
- Decentralised advertising and discovery of security profiles
- Dynamic reconfiguration – policy-based approaches
- Risk Management Model
- Automated collaboration and reasoning
- Operational Model

7

8 Presentation Outline

9 Comparison of Security Specifications
IETF, OASIS, and W3C

10 Comparison between V-SAT, KAoS, Rei, Ponder
Criteria, with values listed in the order V-SAT | KAoS | Rei | Ponder (the original slide merges some cells across systems):
- Ontology-based: Yes | No
- Policy Type: Constraint or pre-condition based | Access-control based
- Policy Representation: KIF + RDF(-S), developing support for other representations | OWL | Rei (Prolog-like syntax + RDF-S) | Ponder language specification
- Open Security Interoperability Support: Security Profiling – capable of representing security instances and complex processes of open semantic-based systems | Applying mediating and proxy agents onto specific domains | Applicable in specific domains
- Interoperability Representation: Abstract to Explicit | Explicit
- Reasoning support: Java Theorem Prover | Prolog engine | Event calculus representation

11 Comparison – V-SAT, WS-Security, GRID Security
Criteria, with values listed in the order V-SAT | WS-Security | GRID Security (the original slide merges some cells across systems):
- Ontology-based: Yes – Semantic | No – Syntactic | No
- Policy Support: Yes – Constraint | Yes – Authorizations
- Policy Representation: KIF + RDF(-S) | XML | Grid policy / WS-Security
- Interoperability Support: Yes – Security Profiles | Security Token – Claims | Applicable in GRID environment / Utilises WS-Security Spec.
- Interoperability Representation: Abstract (Model) to Explicit Specification | Explicit
- Reasoning support: Java Theorem Prover | Not defined
- Risk Management: Yes
- Analysability: Ontology simplifies reasoning and dependency validation | Specific to a particular context/domain and lacking in inter-concept validation
- Expressivity: Represents behaviour of complex environments, multi-level abstractions, and easy to extend with new concepts | Represents only specific behaviours and difficult to extend with new concepts
V-SAT also supports 'spatial' and 'temporal' event conditions within the reasoning model.

12 Other Related Work
[Denker et al., 2003]:
- Focuses on a DAML-based implementation
- Limited conceptual model
- Complicated negotiations – brittle in large-scale systems

13 Presentation Outline

14 Holistic Abstract Security Model
Layers of the diagram, in the order they appear on the slide:
- Security Applications
- Policies
- Descriptions: Service, Trust
- Security Ontology Model
- Concepts: Security, Trust, Privacy
- Security Mechanisms and standard specifications, e.g., SSL, XML-Signature, etc.

15 Profile Driven Open Service Security Framework

16 Service Composition Scenario

17 Conceptual Layer – Semantic Model

18 Service Description Layer 1/2
Advertised into Directory Services for discovery, e.g. LDAP, UDDI, DF, etc.

19 Service Description Layer – Risk Model 2/2

20 Presentation Outline

21 Policy Layer – Reasoning Model 1/2

22 Policy Layer – Reasoning Model 2/2
Reasoning algorithm steps using JTP:
1. Loading of ontologies, general rules, user and service profiles
2. Spatial and temporal threat detection; checks whether the environment is trusted (end) or un-trusted:
   - Identify associated threats and safeguards
3. Compare user and service profile instances and policies
4. If there are conflicts, resolve them by order and precedence of policies
5. Result presenting the outcome of the reasoning process for security decision making
Identify associated threats and safeguards to determine a rational recommendation or decision over which security instances and policies to support.
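The reasoning steps above, worked through as a small added example in Python. This is not the authors' JTP/KIF implementation: the threat ontology, the user and service profiles, the policies, the spatial/temporal trust conditions and the risk scoring (probability times criticality, with an assumed threshold) are all constructed for illustration. It shows the environment trust check, threat ranking from the risk model, policy conflict resolution by precedence, and the resulting decision.

```python
from dataclasses import dataclass

# Step 1 inputs: a tiny "ontology" of threats, each with a criticality (1..5) and the
# safeguard mechanism that counters it. Constructed sample data, not the authors' ontology.
THREAT_ONTOLOGY = {
    "eavesdropping": {"criticality": 4, "safeguard": "SSL"},
    "tampering": {"criticality": 5, "safeguard": "XML-Signature"},
    "impersonation": {"criticality": 3, "safeguard": "X509-Auth"},
}


@dataclass
class Policy:
    name: str
    precedence: int                 # higher precedence overrides lower on conflict
    requires: frozenset = frozenset()
    forbids: frozenset = frozenset()


@dataclass
class Profile:
    owner: str
    mechanisms: frozenset           # security instances this party can support
    policies: list


def environment_trusted(domain, hour, trusted_domains=frozenset({"intranet"}), office_hours=(8, 18)):
    """Step 2: spatial (domain) and temporal (hour of day) trust check; assumed conditions."""
    return domain in trusted_domains and office_hours[0] <= hour < office_hours[1]


def rank_threats(threat_probability):
    """Risk model: score = probability * criticality; (threat, score, safeguard), highest first."""
    scored = [(t, p * THREAT_ONTOLOGY[t]["criticality"], THREAT_ONTOLOGY[t]["safeguard"])
              for t, p in threat_probability.items()]
    return sorted(scored, key=lambda s: s[1], reverse=True)


def resolve_policies(policies):
    """Step 4: merge require/forbid sets; on conflict the higher-precedence policy wins."""
    required, forbidden = set(), set()
    for pol in sorted(policies, key=lambda p: p.precedence):   # apply low first, high last
        for m in pol.requires:
            forbidden.discard(m)
            required.add(m)
        for m in pol.forbids:
            required.discard(m)
            forbidden.add(m)
    return required, forbidden


def reason(user, service, domain, hour, threat_probability, risk_threshold=2.0):
    """Steps 2-5: produce a security decision for one user/service interaction."""
    if environment_trusted(domain, hour):
        return {"decision": "allow", "mechanisms": [], "unmet": [], "threats": []}
    # Step 3: threats scoring at or above the (assumed) threshold add their safeguards
    active = [(t, sg) for t, score, sg in rank_threats(threat_probability) if score >= risk_threshold]
    required, forbidden = resolve_policies(user.policies + service.policies)
    for _, safeguard in active:
        if safeguard not in forbidden:
            required.add(safeguard)
    # Step 4: both profiles must be able to support every required mechanism
    supported = user.mechanisms & service.mechanisms
    unmet = required - supported
    # Step 5: result of the reasoning process
    return {
        "decision": "allow" if not unmet else "deny",
        "mechanisms": sorted(required) if not unmet else [],
        "unmet": sorted(unmet),
        "threats": [t for t, _ in active],
    }


# Constructed profiles, policies and threat probabilities for the walk-through.
ALICE = Profile("alice", frozenset({"SSL", "X509-Auth"}),
                [Policy("user-confidentiality", 1, requires=frozenset({"SSL"}))])
BOB = Profile("bob", frozenset({"SSL", "X509-Auth", "XML-Signature"}),
              [Policy("user-confidentiality", 1, requires=frozenset({"SSL"}))])
PAYMENT = Profile("payment-svc", frozenset({"SSL", "XML-Signature", "X509-Auth"}),
                  [Policy("svc-integrity", 2, requires=frozenset({"XML-Signature"})),
                   Policy("svc-legacy", 0, forbids=frozenset({"SSL"}))])  # loses to precedence 1
THREAT_PROBABILITY = {"eavesdropping": 0.6, "tampering": 0.3, "impersonation": 0.9}

if __name__ == "__main__":
    for who in (ALICE, BOB):
        print(who.owner, reason(who, PAYMENT, "internet", 22, THREAT_PROBABILITY))
    print("trusted:", reason(ALICE, PAYMENT, "intranet", 10, THREAT_PROBABILITY))
```

Running it shows the three outcomes the slide's flow describes: a trusted environment ends the reasoning with an allow, an un-trusted one forces the safeguards of the highest-risk threats into the requirement set, and the low-precedence policy forbidding SSL is overridden by the higher-precedence confidentiality policy, so alice is denied only because she cannot support XML-Signature while bob is allowed with all three mechanisms.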

23 Application Layer – Operational Model
Modular security API developed

24 Presentation Outline

25 Why our modelling choice?
- Reuse current security models as an upper ontology for supporting interoperability
- We can rely on current best security practices
- Able to capture stakeholders in an abstract way that can be strapped onto an explicit model
- Interoperability is more achievable using semantic approaches to practical applications

26 Why an Explicit Security Model?
- To define explicit security requirements, protection and policies of systems as profiles
- Argument: security should not be advertised because it gives away inside information about the system
- Rebuttal: security by obscurity gives a false sense of security; it hides weaknesses that an open peer review might uncover

27 Framework Achievements
- Deployed Security Applications in a Global Agent Test-bed (Agentcities.RTD) project
- Ontology and specifications available at
- Reasoning Model implemented using JTP, DAML+OIL and KIF
- Developed a Risk Model that assesses the criticality and probability of threats
- Web-based demo of an Open Security Interoperability Scenario (to be released)

28 Presentation Outline

29 Performance of Loading Facts and Rules into JTP
Checkpoints: 1 = Security Ontology, 2 = General Policies, 3 = User Profiles, 4 = Service Profiles, 5 = Misc. Profiles

30 Presentation Outline

31 Conclusion
- There are many different security standards and they fall short of certain functionalities
- Semantic Technology allows us to develop holistic models to support security interoperability, but could benefit from having more tools
- An Abstract yet Explicit Model, such as V-SAT, is useful for capturing stakeholders in open systems
- Security Profiling advocates the understanding of security configurations and requirements amongst open services

32 Future Work
- Expand the framework to support other security and semantic specifications, e.g. WSCI, ebXML
- Implement policy-based Access Control onto specific domains, e.g. KAoS, Ponder
- Trust Conceptualisation & Open Interoperability

33 Thank You
Contact Details: Juan Jim Tan
Department of Electronic Engineering, Queen Mary, University of London
Mile End Road, London E1 4NS, United Kingdom

