Presentation is loading. Please wait.

Presentation is loading. Please wait.

Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR.

Published byDenzel Deep Modified over 9 years ago

Similar presentations

Presentation on theme: "Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR."— Presentation transcript:

1 Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR

2 OUTLINE About various policies About various policies Roles of policies in enhancing security, privacy and usability of Distributed services Roles of policies in enhancing security, privacy and usability of Distributed services Discusses about important requirements and open research issues. Discusses about important requirements and open research issues.

3 OUTLINE(CONT…) Discussion is based on the following strategic goals and lines of research Discussion is based on the following strategic goals and lines of research -Broad notion of policy. -Strong and Lightweight evidence. -Automated Trust Negotiation. -Cooperative policy enforcement. How to integrate policies into trust management framework. How to integrate policies into trust management framework.

4 WHAT ARE POLICIES? Policies are pervasive in web applications. Policies are pervasive in web applications. Policies specify the behavior of the system Policies specify the behavior of the system They play crucial role in the area of security, privacy and business rules. They play crucial role in the area of security, privacy and business rules. They determine the success of the web services They determine the success of the web services

5 BROAD NOTION OF POLICY All different policies should be integrated into a single framework. All different policies should be integrated into a single framework. These policies include not only access control but also privacy policies, business rules, quality of service and among others. These policies include not only access control but also privacy policies, business rules, quality of service and among others. -Access control policies protects any system open to the internet.

6 BROAD NOTION OF POLICY -Privacy policy protects the user while they are browsing web and accessing web services. -Business policy specifies the condition that apply to specific customer of web services. -Other policies specify constraints related to quality of service.

7 BROAD NOTION OF POLICY All these policies makes decisions based on the information of the peer/user involved in the transaction. All these policies makes decisions based on the information of the peer/user involved in the transaction. -For example, age, nationality, customer profile, identity, and reputation may all be considered both in access control decisions, and in determining which discounts are applicable.

8 BROAD NOTION OF POLICY These kinds of policies needs to be integrated to provide These kinds of policies needs to be integrated to provide –a common infrastructure that can be used for decision making and interoperability. –Policies can be harmonized and synchronized. There are also policies which requires the events to be logged. There are also policies which requires the events to be logged. These policies are called Provisional policies. These policies are called Provisional policies. Policy specify actions to be executed along with the decision process. Policy specify actions to be executed along with the decision process.

9 BROAD NOTION OF POLICY Policies in these context acts as both decision support system and as declarative behavior systems. Policies in these context acts as both decision support system and as declarative behavior systems. An effective approach to policy specification could give common user a better control on the behavior of their own system. An effective approach to policy specification could give common user a better control on the behavior of their own system. Achievement of this goal depends on policies ability to interoperate with rest of the system. Achievement of this goal depends on policies ability to interoperate with rest of the system.

10 STRONG AND LIGHTWEIGHT EVIDENCE Policies make decisions based on properties of the peers interacting with the system. These properties may be strongly certified by cryptographic techniques, or may be reliable to some intermediate degree with lightweight evidence gathering and validation. A flexible policy framework should try to merge these two forms of evidence to meet the efficiency and usability requirements of web applications.

11 STRONG AND LIGHTWEIGHT EVIDENCE Trust negotiation, reputation models, business rules, and action specification languages have to be integrated into a single framework. Automated trust negotiation plays an important role in trust management.

12 TRUST MANGEMENT The Semantic Web is a large, uncensored system to which anyone may contribute. This raises the question of how much credence to give each source. We cannot expect each user to know the trustworthiness of each source. This is where Trust Management plays an important role in establishing the trustworthiness of each source.

13 APPROACHES TO TRUST MANGEMENT Two major approaches to managing trust exists Two major approaches to managing trust exists-Policy-based-Reputation-based In policy-based trust management approach strong security mechanisms are used to regulate access of user to web services. In policy-based trust management approach strong security mechanisms are used to regulate access of user to web services. Strong security mechanisms include Strong security mechanisms include signed certificates and trusted certification authorities (CAs).

14 APPROACHES TO TRUST MANGEMENT (CONT…) Access decisions are based on these mechanism with well defined semantics. Access decisions are based on these mechanism with well defined semantics. Provides strong verification and analysis support. Provides strong verification and analysis support. Policy-based approach helps in making a decision about the ‘trustworthiness’ of the requester. Policy-based approach helps in making a decision about the ‘trustworthiness’ of the requester. Determines whether the service/resource is allowed or denied to the requester. Determines whether the service/resource is allowed or denied to the requester.

15 APPROACHES TO TRUST MANGEMENT (CONT…) Reputation-based trust relies on a “soft computational” approach to the problem of trust. In this approach trust is computed based on the local experience and feedback given by the other entities in the network. In this approach trust is computed based on the local experience and feedback given by the other entities in the network. - -For Example, online buyers and sellers rate each other after each transaction. The ratings pertaining to a certain seller (or buyer) are aggregated by websites reputation system into a number reflecting seller (or buyer) trustworthiness as judged by the webpage community.

16 APPROACHES TO TRUST MANGEMENT (CONT…) The reputation-based approach has been favored for environments such as Peer-to-Peer or Semantic Web. The existence of certifying authorities can not always be assumed but a large pool of individual user ratings is often available. Another common approach is to make requester to commit to contract/copyrights by clicking on the “accept” button Lightest approach to trust. – –Filling an HTML form.

17 APPROACHES TO TRUST MANGEMENT (CONT…) In order to make decisions in Real life scenarios In order to make decisions in Real life scenarios a combination of these approaches is needed. For Example, Transaction policies must handle expenses of all magnitudes, from micro payments to credit card payments of a thousand euros or even more. The cost of the traded goods or services contributes to determine the risk associated to the transaction and hence the trust measure required. Strong evidence is generally harder to gather and verify than lightweight evidence. Sometimes, a “soft” reputation measure or a declaration in the sense outlined above is all one can obtain in a given scenario.

18 APPROACHES TO TRUST MANGEMENT (CONT…) Success of Trust Management depends on the ability of the system to balance trust level and risk level for each task. Success of Trust Management depends on the ability of the system to balance trust level and risk level for each task. The following are two important research directions related to the area of trust The following are two important research directions related to the area of trust - -How should different forms of trust be integrated? - -How many different forms of evidence can be conceived?

19 AUTOMATED TRUST NEGOTIATION Access control presents difficult problems in a distributed environment. Access control presents difficult problems in a distributed environment. This problem becomes severe when resources and subject requesting it belong to different security domains. This problem becomes severe when resources and subject requesting it belong to different security domains. Common access control mechanisms provide authorization decisions based on the identity of the requester which is ineffective. Common access control mechanisms provide authorization decisions based on the identity of the requester which is ineffective. Automated trust negotiation solves this ineffectiveness. Automated trust negotiation solves this ineffectiveness.

20 AUTOMATED TRUST NEGOTIATION Attribute credentials are exchanged to establish trust among strangers who wish to share a resource. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive attribute credentials by using access control policies. In ATN peers are able to automatically negotiate credentials according to their own declarative, rule-based policies.

21 AUTOMATED TRUST NEGOTIATION(CONT..) Rules specify for each resource or credential request which properties should be satisfied by the subjects and objects involved. At each negotiation step, the next credential request is formulated essentially by reasoning with the policy, e.g. by inferring implications or computing abductions. Thus ATN plays an important role in establishing interoperability among peers. Its depends on and actively contributes in the area of Trust Management.

22 AUTOMATED TRUST NEGOTIATION(CONT..) How Negotiations takes place between peers? How Negotiations takes place between peers? Web Server ask for credentials from the client requesting resource. Web Server ask for credentials from the client requesting resource. The client in turn asks for server credentials to determine the validity of the server. The client in turn asks for server credentials to determine the validity of the server. Both are in symmetrical situation. Both are in symmetrical situation.

23 AUTOMATED TRUST NEGOTIATION(CONT..) peer decides how to react to incoming request based on local policy. Each peer decides how to react to incoming request based on local policy. Local policy is a set of rules written in logic programming. Local policy is a set of rules written in logic programming. Requests are formulated based on the rules from the policies. Requests are formulated based on the rules from the policies. Several factors are taken into account while formulating requests. Several factors are taken into account while formulating requests.

24 COOPERATIVE POLICY ENFORCEMENT It involves both machine-machine and human-machine interaction. It involves both machine-machine and human-machine interaction. Machine-machine interaction is handled by the various negotiation mechanisms as discussed earlier. Machine-machine interaction is handled by the various negotiation mechanisms as discussed earlier. Human-machine interaction is more problematic than expected. Human-machine interaction is more problematic than expected.

25 COOPERATIVE POLICY ENFORCEMENT (CONT...) Most users lack the technical expertise to tailor existing policies to match their own needs, causing easy access to their protected resources. Most users lack the technical expertise to tailor existing policies to match their own needs, causing easy access to their protected resources. Such lack of knowledge on the part of the users also affects privacy protection. Most users are not able to personalize their information release policies to suit their needs. Such lack of knowledge on the part of the users also affects privacy protection. Most users are not able to personalize their information release policies to suit their needs.

26 COOPERATIVE POLICY ENFORCEMENT (CONT...) To make the user understand the meaning of responses better, we bring in co- operative policy enforcement. To make the user understand the meaning of responses better, we bring in co- operative policy enforcement. This gives users the reasons for negative responses and suggestions for how to avoid such responses in the future. This gives users the reasons for negative responses and suggestions for how to avoid such responses in the future. Greater user awareness and control on policies are the main objectives of CPE.

27 COOPERATIVE POLICY ENFORCEMENT (CONT...) Policies are made user-friendly by using Policies are made user-friendly by using - -rule-based policy specification language -controlled natural language -advanced explanation mechanisms

28 COOPERATIVE POLICY ENFORCEMENT (CONT…) Several novel aspects are described in CPE: -tabled explanation structure - -suitable heuristics for focusing explanations -Heuristics are generic, i.e. domain independent

29 COOPERATIVE POLICY ENFORCEMENT (CONT…) - combination of tabling techniques and heuristics yields a novel method for explaining failure.

30 COOPERATIVE POLICY ENFORCEMENT (CONT…) Query answering is conceived for the following categories of users: – Users who try to understand how to obtain access permissions; – Users who monitor and verify their own privacy policy; – Policy managers who verify and monitor their policies.

31 COOPERATIVE POLICY ENFORCEMENT (CONT...) Find the right tradeoff between explanation quality and the effort for instantiating the framework in new application domains. Second generation explanation systems prescribe a sequence of expensive steps, including the creation of an independent domain knowledge base expressly for communicating with the user. This would be a serious obstacle to the applicability of the framework.

32 NATURAL LANGUAGE POLICIES Policies should be written by and understandable to users, to let them control behavior of their system. Policies should be formulated based on rules and stated in simple language. the inherent ambiguity of natural language is incompatible with the precision needed by security and privacy specifications

33 CONCLUSION Policies represents single body of declarative rules used in many possible ways, for negotiations, query answering, and other forms of system behavior control. Transparent interoperation based on ontology sharing will determine the success of trust negotiation.

34 CONCLUSION(CONT…) Users have better understanding and control over the policies that govern their systems with the help of Cooperative policy enforcement and Trust Management. Users have better understanding and control over the policies that govern their systems with the help of Cooperative policy enforcement and Trust Management. Policies will have to handle decisions under a wide range of risk levels and performance requirements. Policies will have to handle decisions under a wide range of risk levels and performance requirements.

35 REFERENCES. 1. Semantic Web Policies - A Discussion of Requirements and Research Issues by P.A. Bonatti1, C. Duma2,N.Fuchs3,W.Nejdl4, D. Olmedilla4, J. Peer5 and N. Shahmehri2 2. M. Y. Becker and P. Sewell. Cassandra: distributed access control policies with tunable expressiveness. In 5th IEEE International Workshop on Policies for Distributed Systems and Networks, Yorktown Heights, June 2004. 3. M. Blaze, J. Feigenbaum, and M. Strauss. Compliance Checking in the Policy- Maker Trust Management System. In Financial Cryptography, British West Indies, February 1998. 4. P. A. Bonatti, N. Shahmehri, C. Duma, D. Olmedilla, W. Nejdl, M. Baldoni, C. Baroglio, A. Martelli, V. Patti, P. Coraggio, G. Antoniou, J. Peer, and N. E. Fuchs. Rule-based policy specification: State of the art and future work. Technical report, Working Group I2, EU NoE REWERSE, aug 2004. http://rewerse.net/ deliverables/i2-d1.pdf. 5. P.A. Bonatti, D. Olmedilla, and J. Peer. Advanced policy queries. Technical Report I2-D4, Working Group I2, EU NoE REWERSE, Aug 2005. http://www.rewerse.net.

36 REFERENCES 6. P.A. Bonatti and P. Samarati. A uniform framework for regulating service access and information release on the web. Journal of Computer Security, 10(3):241–272, 2002. Short version in the Proc. of the Conference on Computer and Communications Security (CCS’00), Athens, 2000. 7. Piero A. Bonatti, Claudiu Duma, Daniel Olmedilla, and Nahid Shahmehri. An integration of reputation-based and policy-based trust management. In Semantic Web Policy Workshop in conjunction with 4th International Semantic Web Conference, Galway, Ireland, nov 2005. 8. Piero A. Bonatti and Daniel Olmedilla. Driving and monitoring provisional trust negotiation with metapolicies. In 6th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), pages 14–23, Stockholm, Sweden, jun 2005. IEEE Computer Society. 9. Paulo P. da Silva, Deborah L. McGuinness, and Richard Fikes. A proof markup language for semantic web services. Technical Report KSL Tech Report KSL-04-01, January, 2004. 10. Rita Gavriloaie, Wolfgang Nejdl, Daniel Olmedilla, Kent E. Seamons, and Marianne Winslett. No registration needed: How to use declarative policies and negotiation to access sensitive resources on the semantic web. In 1st European Semantic

Download ppt "Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR."

Similar presentations

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Modelling with expert systems. Expert systems Modelling with expert systems Coaching modelling with expert systems Advantages and limitations of modelling.

Modelling with expert systems. Expert systems Modelling with expert systems Coaching modelling with expert systems Advantages and limitations of modelling.
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
For e-Business F. Dignum Utrecht University Trust Reputation and.

For e-Business F. Dignum Utrecht University Trust Reputation and.
Auditing Concepts.

Auditing Concepts.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.

SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.

Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Knowledge Acquisitioning. Definition The transfer and transformation of potential problem solving expertise from some knowledge source to a program.

Knowledge Acquisitioning. Definition The transfer and transformation of potential problem solving expertise from some knowledge source to a program.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
95-804 Applied Cryptography Week 13 SAML 1 95-804 Applied Cryptography SAML and XACML Mike McCarthy Week 13.

Applied Cryptography Week 13 SAML Applied Cryptography SAML and XACML Mike McCarthy Week 13.
Security Models for Trusting Network Appliances From : IEEE ( 2002 ) Author : Colin English, Paddy Nixon Sotirios Terzis, Andrew McGettrick Helen Lowe.

Security Models for Trusting Network Appliances From : IEEE ( 2002 ) Author : Colin English, Paddy Nixon Sotirios Terzis, Andrew McGettrick Helen Lowe.
Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.

Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.

Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.

Similar presentations

Ads by Google