Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Distributed Tabling Algorithm for Rule Based Policy Systems

Published byOliver French Modified over 5 years ago

Similar presentations

Presentation on theme: "A Distributed Tabling Algorithm for Rule Based Policy Systems"— Presentation transcript:

1 A Distributed Tabling Algorithm for Rule Based Policy Systems
Miguel Alves, Carlos Damasio, Wolfgang Nejdl, Daniel Olmedilla IEEE Policy, June 4-6, 2006

2 Motivation Scenario Online Sharing Pictures
Bob: Is Tom a friend of Bob? Bob: Is Tom a friend of Alice? Bob: Check local friend list Bob: Is Tom a friend of Frank? Alice: Is Tom a friend of Alice? Frank: Is Tom a friend of Frank? Alice: Is Tom a friend of Bob? Alice: Is Tom a friend of Frank? Frank: Is Tom a friend of Alice? Frank: Is Tom a friend of Bob? Alice: Check local friend list Frank: Check local friend list Policy 2006 22/04/2019

3 Problem Statement CIA Agents
I show you my CIA badge If you show me yours first I show you my CIA badge If you show me yours first [ Li, Du,BonehWinsborough, Seamons, Jones. Oblivious Signature-Based Envelope DARPA ACM Symposium on Principles of Distributed Computing, 2003] Policy 2006 22/04/2019

4 Problem Statement Loop Detection
From a declarative specification point of view Loops may easily occur Policies are complex and large in number Typically, they are not under the control of a single person Loops are not errors However, if not handled correctly They may end up in non-terminating evaluation Policy 2006 22/04/2019

5 Problem Statement Existing Validation & Verification Techniques
Locally (on own policies) Policy specification Static checking Tabling Model checking Etc. They do not apply in a distributed setting because Too large number of potential policies Policies at other entities may be private Policies are dynamic Applicable policies are known only at runtime Policy 2006 22/04/2019

6 SLD Resolution Definition
Goal G = ( L1, … , Lk , … , Lm ) Clause C = ( A :- M1 , … , Mn ) Resolvent G’ = ( L1, … , Lk-1 , M1 , … , Mn , Lk-1 , … , Lm ) θ θ = mgu (Lk , A) Policy 2006 22/04/2019

7 Each new sub-goal is tabled, and its answers stored in that table
Tabling Definition Technique for goal-oriented evaluation of logic programs by storing computed answers in tables (a.k.a. tabulation) Each new sub-goal is tabled, and its answers stored in that table Resolution returns the answers of the table Repeated answers are not propagated Policy 2006 22/04/2019

8 friendOf(alice,alice)
Tabling Example friendOf(X,alice) friendOf(X,bob). friendOf (X,Y) :- friendOf (Y,X). friendOf (X,alice). friendOf(alice,X) {bob/X} {alice/X} friendOf(X,alice) Subgoals Answers friendOf(X,alice) friendOf(X,alice) friendOf(alice,X) friendOf(alice,bob) Reuse answer Reuse answer friendOf(alice,alice) Policy 2006 22/04/2019

9 Distributed Tabling Elements
Peer Prover Perform the logical operations on goals Send a request to peer client for each new sub-goal selected and wait for the answers Able to produce the proof of an answer Peer Client Keep the tables and answers for goal calls Goal Manager Interfaces a community with the outside world One per community Major function is to detect termination Policy 2006 22/04/2019

10 Distributed Tabling Example of Running Architecture
Policy 2006 22/04/2019

11 Distributed Tabling Security & Privacy
Sharing dependencies during evaluation makes tabling easier It brings privacy concerns Sharing dependencies may discover partnerships and the policies themselves Two kind of predicates: Public: can be queried and included in the proof Private: cannot be queried and must remain hidden Two kinds of calls: Authorization call (call for evaluation) Proof (explanation of the evaluation) Policy 2006 22/04/2019

12 Distributed Tabling Messages Interaction
Policy 2006 22/04/2019

13 Distributed Tabling Example
Policy 2006 22/04/2019

14 Distributed Tabling Termination Detection
Crucial to detect In order to inform the requester there are no more answers (or request failed) Needed for Negation as Failure Allow to free resources used during evaluation Global Termination Detect when all goals are finished No need to share dependencies among peers Local Termination Detect when each goal is finished Need to share dependencies Privacy problems It allows to have NAF Policy 2006 22/04/2019

15 Conclusions & Further Work
A distributed tabling algorithm is presented Detects loops Without increasing the complexity of the system (PTIME) Handles public and private policies and proof generation Implemented and tested Further work Reduce communication among peers Better management of information Reduce risk of information leakage Research on local termination algorithms Taking privacy into account In order to allow NAF Policy 2006 22/04/2019

Download ppt "A Distributed Tabling Algorithm for Rule Based Policy Systems"

Similar presentations

Research Issues in Web Services CS 4244 Lecture Zaki Malik Department of Computer Science Virginia Tech

Research Issues in Web Services CS 4244 Lecture Zaki Malik Department of Computer Science Virginia Tech
Introduction to Prolog, cont’d Lecturer: Xinming (Simon) Ou CIS 505: Programming Languages Fall 2010 Kansas State University 1.

Introduction to Prolog, cont’d Lecturer: Xinming (Simon) Ou CIS 505: Programming Languages Fall 2010 Kansas State University 1.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.

Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
Proof methods Proof methods divide into (roughly) two kinds: –Application of inference rules Legitimate (sound) generation of new sentences from old Proof.

Proof methods Proof methods divide into (roughly) two kinds: –Application of inference rules Legitimate (sound) generation of new sentences from old Proof.
1 SWE 205 - Introduction to Software Engineering Lecture 23 – Architectural Design (Chapter 13)

1 SWE Introduction to Software Engineering Lecture 23 – Architectural Design (Chapter 13)
Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.

Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.
Software Testing and Quality Assurance

Software Testing and Quality Assurance
Proof System HY-566. Proof layer Next layer of SW is logic and proof layers. – allow the user to state any logical principles, – computer can to infer.

Proof System HY-566. Proof layer Next layer of SW is logic and proof layers. – allow the user to state any logical principles, – computer can to infer.
Collaboration Diagrams. Example Building Collaboration Diagrams.

Collaboration Diagrams. Example Building Collaboration Diagrams.
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
ECE122 L17: Method Development and Testing April 5, 2007 ECE 122 Engineering Problem Solving with Java Lecture 17 Method Development and Testing.

ECE122 L17: Method Development and Testing April 5, 2007 ECE 122 Engineering Problem Solving with Java Lecture 17 Method Development and Testing.
Carlos DamásioTAPD 2000, Vigo1 A Distributed Tabling System Carlos Viegas Damásio Dept. Informática, Univ. Nova de Lisboa Portugal.

Carlos DamásioTAPD 2000, Vigo1 A Distributed Tabling System Carlos Viegas Damásio Dept. Informática, Univ. Nova de Lisboa Portugal.
LÊ QU Ố C HUY ID: QLU13069 1. OUTLINE  What is data mining ?  Major issues in data mining 2.

LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.
Detection and Resolution of Anomalies in Firewall Policy Rules

Detection and Resolution of Anomalies in Firewall Policy Rules
Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)

Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)
 Communication Tasks  Protocols  Protocol Architecture  Characteristics of a Protocol.

 Communication Tasks  Protocols  Protocol Architecture  Characteristics of a Protocol.
CSC-682 Cryptography & Computer Security Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Pompi Rotaru Based on an article.

CSC-682 Cryptography & Computer Security Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Pompi Rotaru Based on an article.

Similar presentations

Ads by Google