Abstract
Systems of systems are dynamic coalitions of distributed, autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, the systems of systems paradigm has a significant impact on systems interoperability and on the security requirements of the collaborating systems. In this chapter we introduce POLIPO, a security framework that protects the information exchanged among the systems in a system of systems, while preserving systems’ autonomy and interoperability. Information is protected from unauthorized access and improper modification by combining context-aware access control with trust management. Autonomy and interoperability are enabled by the use of ontology-based services. More precisely, each authority may refer to different ontologies to define the semantics of the terms used in the security policy of the system it governs and to describe domain knowledge and context information. A semantic alignment technique is then employed to map concepts from different ontologies and align the systems’ vocabularies. We demonstrate the applicability of our solution with a prototype implementation of the framework for a scenario in the maritime safety and security domain.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Becker MY, Sewell P (2004) Cassandra: distributed access control policies with tunable expressiveness. In: Proceedings of the 5th IEEE international workshop on policies for distributed systems and networks, POLICY’04, Washington, DC, USA. IEEE Computer Society, Los Alamitos, pp 159–168
Bhatti R, Bertino E, Ghafoor A (2005) A trust-based context-aware access control model for web-services. Distrib Parallel Database 18(1):83–105
Blaze M, Feigenbaum J, Lacy J (1996) Decentralized trust management. In: Proceedings of the 1996 IEEE symposium on security and privacy, SP’96. IEEE Computer Society, Los Alamitos, pp 164–173
Böhm K, Etalle S, den Hartog J, Hütter C, Trabelsi S, Trivellato D, Zannone N (2010) Flexible architecture for privacy-aware trust management. J Theor Appl Electron Commer Res 5(2):77–96
Czenko M, Etalle S (2007) Core TuLiP logic programming for trust management. In: Proceedings of the 23rd international conference on logic programming, ICLP’07, Porto, Portugal. Lecture notes in computer science, vol. 4670. Springer, Berlin, pp 380–394
Dersingh A, Liscano R, Jost A (2008) Context-aware access control using semantic policies. Ubiquitous Comput Commun J (UBICC) 3:19–32. Special issue on autonomic Computing Systems and Applications
Doan A, Madhavan J, Dhamankar R, Domingos P, Halevy A (2003) Learning to match ontologies on the semantic web. VLDB J 12(4):303–319
Frikken K, Atallah M, Li J (2006) Attribute-based access control with hidden policies and hidden credentials. IEEE Trans Comput 55:1259–1270
Heeps S, Sventek J, Dulay N, Filho AS, Lupu E, Sloman M, Strowes S (2007) Dynamic ontology mapping for interacting autonomous systems. In: Proceedings of the 2nd international workshop on self-organizing systems, IWSOS’07, The Lake District, UK. Lecture notes in computer science, vol 4725. Springer, Berlin, pp 255–263
Horrocks I, Patel-Schneider PF, Bechhofer S, Tsarkov D (2005) OWL rules: a proposal and prototype implementation. J Web Semant 3(1):23–40
Kagal L, Paolucci M, Srinivasan N, Denker G, Finin T, Sycara K (2004) Authorization and privacy for semantic web services. IEEE Intell Syst 19(4):50–56
Li N, Mitchell JC, Winsborough WH (2002) Design of a role-based trust-management framework. In: Proceedings of the 2002 IEEE symposium on security and privacy, SP’02, Washington, DC, USA. IEEE Computer Society, Los Alamitos, pp 114–130
Li N, Winsborough WH, Mitchell JC (2003) Distributed credential chain discovery in trust management. J Comput Secur 11(1):35–86
Nejdl W, Olmedilla D, Winslett M (2004) PeerTrust: automated trust negotiation for peers on the semantic web. In: Proceedings of the 2004 VLDB workshop on secure data management, SDM’04. Lecture notes in computer science, vol 3178. Springer, Berlin, pp 118–132
Ngan LD, Hang TM, Goh AES (2006) Semantic similarity between concepts from different OWL ontologies. In: Proceedings of the 5th IEEE international conference on industrial informatics, INDIN’06. IEEE Computer Society, Los Alamitos, pp 618–623
Nguyen HA, Al-Mubaid H (2006) A Combination-based semantic similarity measure using multiple information sources. In: Proceedings of the 2006 IEEE international conference on information reuse and integration, IRI’06. IEEE Systems, Man, and Cybernetics Society, Piscataway, pp 617–621
OASIS (2005) eXtensible Access Control Markup Language (XACML) Version 2.0. Technical report, OASIS standard. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
OASIS (2006) Reference model for service oriented architecture 1.0. OASIS standard. http://docs.oasis-open.org/soa-rm/v1.0/soa-rm.pdf
Seamons KE, Winslett M, Yu T (2001) Limiting the disclosure of access control policies during automated trust negotiation. In: Proceedings of the network and distributed system security symposium, NDSS’01, San Diego, CA, USA. The Internet Society, Reston
Stine K, Kissel R, Barker WC, Lee A, Fahlsing J (2008) Guide for mapping types of information and information systems to security categories. Special publication SP 800–60 Rev. 1. National Institute of Standards and Technology (NIST), Gaithersburg
Trivellato D, Spiessens F, Zannone N, Etalle S (2009) POLIPO: Policies & OntoLogies for Interoperability, Portability, and Autonomy. In: 10th IEEE international symposium on policies for distributed systems and networks (POLICY’09). IEEE Computer Society, Los Alamitos, pp 110–113
Trivellato D, Spiessens F, Zannone N, Etalle S (2009) Reputation-based ontology alignment for autonomy and interoperability in distributed access control. In: IEEE international conference on computational science and engineering (CSE’09), vol 3. IEEE Computer Society, Los Alamitos, pp 252–258
Trivellato D, Zannone N, Etalle S (2010) GEM: a distributed goal evaluation algorithm for trust management. Computer science report CS 10–15, Eindhoven University of Technology. http://alexandria.tue.nl/repository/books/695281.pdf
Trivellato D, Zannone N, Etalle S (2011) A security framework for systems of systems. In: 12th IEEE international conference on policies for distributed systems and networks (POLICY’11). IEEE Computer Society, Los Alamitos, pp 182–183
Trivellato D, Zannone N, Etalle S (2011) Poster: protecting information in systems of systems. In: Chen Y, Danezis G, Shmatikov V (eds) 18th ACM conference on computer and communications security (CCS’11). ACM, New York, 2011, pp 865–868
Uszok A, Bradshaw JM, Johnson M, Jeffers R, Tate A, Dalton J, Aitken S (2004) KAoS policy management for semantic web services. IEEE Intell Syst 19(4):32–41 (2004)
Acknowledgements
This research has been carried out as a part of the Poseidon project at Thales under the responsibilities of the Embedded Systems Institute (ESI). This project is partially supported by the Dutch Ministry of Economic Affairs under the BSIK program.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Science+Business Media New York
About this chapter
Cite this chapter
Trivellato, D., Etalle, S., Luit, E., Zannone, N. (2013). The POLIPO Security Framework. In: van de Laar, P., Tretmans, J., Borth, M. (eds) Situation Awareness with Systems of Systems. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-6230-9_12
Download citation
DOI: https://doi.org/10.1007/978-1-4614-6230-9_12
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-6229-3
Online ISBN: 978-1-4614-6230-9
eBook Packages: EngineeringEngineering (R0)