Rule-Based Policy Representation and Reasoning for the Semantic Web

  • Piero A. Bonatti
  • Daniel Olmedilla
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4636)

Abstract

The Semantic Web aims at enabling sophisticated and autonomic machine-to-machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are not suitable anymore. For example, identity-based access control assumes that parties are known in advance. Then, a machine first determines the identity of the requester in order to either grant or deny access, depending on its associated information (e.g., by looking up its set of permissions). In the Semantic Web, any two strangers can interact with each other automatically and therefore this assumption does not hold. Hence, a semantically enriched process is required in order to regulate automatic access to sensitive information. Policy-based access control provides sophisticated means to support protecting sensitive resources and information disclosure.

However, the term policy is often overloaded. A general definition might be “a statement that defines the behaviour of a system”. Such a general definition, however, encompasses different notions, including security policies, trust management policies, business rules and quality of service specifications, just to name a few. Researchers have mainly focussed on one or more of such notions separately but not on a comprehensive view. Policies are pervasive in web applications and play crucial roles in enhancing security, privacy, and service usability as well. Interoperability and self-describing semantics become key requirements, and this is where the Semantic Web comes into play. There has been extensive research on policies, also in the Semantic Web community, but there still exist some issues that prevent policy frameworks from being widely adopted by users and real-world applications.

This document aims at providing an overall view of the state of the art (requirements for a policy framework, some existing policy framework languages, policy negotiation, context awareness, etc.) as well as open research issues in the area (policy understanding in a broad sense, integration of trust management, increase in system cooperation, user awareness, etc.) required to develop a successful Semantic Policy Framework.



Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Piero A. Bonatti (1)
  • Daniel Olmedilla (2)
  1. Università di Napoli Federico II, Napoli, Italy
  2. L3S Research Center and University of Hannover
