Rule-Based Policy Representations and Reasoning

  • Piero Andrea Bonatti
  • Juri Luca De Coi
  • Daniel Olmedilla
  • Luigi Sauro
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5500)

Abstract

Trust and policies are going to play a crucial role in enabling the potential of many web applications. Policies are a well-known approach to protecting the security and privacy of users in the context of the Semantic Web: in recent years a number of policy languages have been proposed to address different application scenarios.

The first part of this chapter provides a broad overview of the research field by accounting for twelve relevant policy languages and comparing them on the basis of ten criteria which should be taken into account in designing every policy language. By comparing the choices designers made in addressing such criteria, useful conclusions can be drawn about the strong points and weaknesses of each policy language.

The second part of this chapter is devoted to the description of the Protune framework, a system for specifying and cooperatively enforcing security and privacy policies on the Semantic Web developed within the network of excellence REWERSE. We describe the framework’s functionalities, provide details about their implementation, and report the results of performance evaluation experiments.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Piero Andrea Bonatti (1)
  • Juri Luca De Coi (2)
  • Daniel Olmedilla (2, 3)
  • Luigi Sauro (1)

  1. Università di Napoli Federico II, Napoli, Italy
  2. Forschungszentrum L3S, Hannover, Germany
  3. Telefónica Research & Development, Madrid, Spain
