The POLIPO Security Framework

  • Daniel Trivellato
  • Sandro Etalle
  • Erik Luit
  • Nicola Zannone


Systems of systems are dynamic coalitions of distributed, autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, the systems of systems paradigm has a significant impact on systems interoperability and on the security requirements of the collaborating systems. In this chapter we introduce POLIPO, a security framework that protects the information exchanged among the systems in a system of systems, while preserving systems’ autonomy and interoperability. Information is protected from unauthorized access and improper modification by combining context-aware access control with trust management. Autonomy and interoperability are enabled by the use of ontology-based services. More precisely, each authority may refer to different ontologies to define the semantics of the terms used in the security policy of the system it governs and to describe domain knowledge and context information. A semantic alignment technique is then employed to map concepts from different ontologies and align the systems’ vocabularies. We demonstrate the applicability of our solution with a prototype implementation of the framework for a scenario in the maritime safety and security domain.


Security Policy Service Oriented Architecture Trust Management Access Request Security Domain 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This research has been carried out as a part of the Poseidon project at Thales under the responsibilities of the Embedded Systems Institute (ESI). This project is partially supported by the Dutch Ministry of Economic Affairs under the BSIK program.


  1. 1.
    Becker MY, Sewell P (2004) Cassandra: distributed access control policies with tunable expressiveness. In: Proceedings of the 5th IEEE international workshop on policies for distributed systems and networks, POLICY’04, Washington, DC, USA. IEEE Computer Society, Los Alamitos, pp 159–168Google Scholar
  2. 2.
    Bhatti R, Bertino E, Ghafoor A (2005) A trust-based context-aware access control model for web-services. Distrib Parallel Database 18(1):83–105CrossRefGoogle Scholar
  3. 3.
    Blaze M, Feigenbaum J, Lacy J (1996) Decentralized trust management. In: Proceedings of the 1996 IEEE symposium on security and privacy, SP’96. IEEE Computer Society, Los Alamitos, pp 164–173Google Scholar
  4. 4.
    Böhm K, Etalle S, den Hartog J, Hütter C, Trabelsi S, Trivellato D, Zannone N (2010) Flexible architecture for privacy-aware trust management. J Theor Appl Electron Commer Res 5(2):77–96CrossRefGoogle Scholar
  5. 5.
    Czenko M, Etalle S (2007) Core TuLiP logic programming for trust management. In: Proceedings of the 23rd international conference on logic programming, ICLP’07, Porto, Portugal. Lecture notes in computer science, vol. 4670. Springer, Berlin, pp 380–394Google Scholar
  6. 6.
    Dersingh A, Liscano R, Jost A (2008) Context-aware access control using semantic policies. Ubiquitous Comput Commun J (UBICC) 3:19–32. Special issue on autonomic Computing Systems and ApplicationsGoogle Scholar
  7. 7.
    Doan A, Madhavan J, Dhamankar R, Domingos P, Halevy A (2003) Learning to match ontologies on the semantic web. VLDB J 12(4):303–319CrossRefGoogle Scholar
  8. 8.
    Frikken K, Atallah M, Li J (2006) Attribute-based access control with hidden policies and hidden credentials. IEEE Trans Comput 55:1259–1270CrossRefGoogle Scholar
  9. 9.
    Heeps S, Sventek J, Dulay N, Filho AS, Lupu E, Sloman M, Strowes S (2007) Dynamic ontology mapping for interacting autonomous systems. In: Proceedings of the 2nd international workshop on self-organizing systems, IWSOS’07, The Lake District, UK. Lecture notes in computer science, vol 4725. Springer, Berlin, pp 255–263Google Scholar
  10. 10.
    Horrocks I, Patel-Schneider PF, Bechhofer S, Tsarkov D (2005) OWL rules: a proposal and prototype implementation. J Web Semant 3(1):23–40CrossRefGoogle Scholar
  11. 11.
    Kagal L, Paolucci M, Srinivasan N, Denker G, Finin T, Sycara K (2004) Authorization and privacy for semantic web services. IEEE Intell Syst 19(4):50–56CrossRefGoogle Scholar
  12. 12.
    Li N, Mitchell JC, Winsborough WH (2002) Design of a role-based trust-management framework. In: Proceedings of the 2002 IEEE symposium on security and privacy, SP’02, Washington, DC, USA. IEEE Computer Society, Los Alamitos, pp 114–130Google Scholar
  13. 13.
    Li N, Winsborough WH, Mitchell JC (2003) Distributed credential chain discovery in trust management. J Comput Secur 11(1):35–86Google Scholar
  14. 14.
    Nejdl W, Olmedilla D, Winslett M (2004) PeerTrust: automated trust negotiation for peers on the semantic web. In: Proceedings of the 2004 VLDB workshop on secure data management, SDM’04. Lecture notes in computer science, vol 3178. Springer, Berlin, pp 118–132Google Scholar
  15. 15.
    Ngan LD, Hang TM, Goh AES (2006) Semantic similarity between concepts from different OWL ontologies. In: Proceedings of the 5th IEEE international conference on industrial informatics, INDIN’06. IEEE Computer Society, Los Alamitos, pp 618–623Google Scholar
  16. 16.
    Nguyen HA, Al-Mubaid H (2006) A Combination-based semantic similarity measure using multiple information sources. In: Proceedings of the 2006 IEEE international conference on information reuse and integration, IRI’06. IEEE Systems, Man, and Cybernetics Society, Piscataway, pp 617–621Google Scholar
  17. 17.
    OASIS (2005) eXtensible Access Control Markup Language (XACML) Version 2.0. Technical report, OASIS standard.
  18. 18.
    OASIS (2006) Reference model for service oriented architecture 1.0. OASIS standard.
  19. 19.
    Seamons KE, Winslett M, Yu T (2001) Limiting the disclosure of access control policies during automated trust negotiation. In: Proceedings of the network and distributed system security symposium, NDSS’01, San Diego, CA, USA. The Internet Society, RestonGoogle Scholar
  20. 20.
    Stine K, Kissel R, Barker WC, Lee A, Fahlsing J (2008) Guide for mapping types of information and information systems to security categories. Special publication SP 800–60 Rev. 1. National Institute of Standards and Technology (NIST), GaithersburgGoogle Scholar
  21. 21.
    Trivellato D, Spiessens F, Zannone N, Etalle S (2009) POLIPO: Policies & OntoLogies for Interoperability, Portability, and Autonomy. In: 10th IEEE international symposium on policies for distributed systems and networks (POLICY’09). IEEE Computer Society, Los Alamitos, pp 110–113Google Scholar
  22. 22.
    Trivellato D, Spiessens F, Zannone N, Etalle S (2009) Reputation-based ontology alignment for autonomy and interoperability in distributed access control. In: IEEE international conference on computational science and engineering (CSE’09), vol 3. IEEE Computer Society, Los Alamitos, pp 252–258Google Scholar
  23. 23.
    Trivellato D, Zannone N, Etalle S (2010) GEM: a distributed goal evaluation algorithm for trust management. Computer science report CS 10–15, Eindhoven University of Technology.
  24. 24.
    Trivellato D, Zannone N, Etalle S (2011) A security framework for systems of systems. In: 12th IEEE international conference on policies for distributed systems and networks (POLICY’11). IEEE Computer Society, Los Alamitos, pp 182–183Google Scholar
  25. 25.
    Trivellato D, Zannone N, Etalle S (2011) Poster: protecting information in systems of systems. In: Chen Y, Danezis G, Shmatikov V (eds) 18th ACM conference on computer and communications security (CCS’11). ACM, New York, 2011, pp 865–868CrossRefGoogle Scholar
  26. 26.
    Uszok A, Bradshaw JM, Johnson M, Jeffers R, Tate A, Dalton J, Aitken S (2004) KAoS policy management for semantic web services. IEEE Intell Syst 19(4):32–41 (2004)CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Daniel Trivellato
    • 1
  • Sandro Etalle
    • 1
    • 2
  • Erik Luit
    • 1
  • Nicola Zannone
    • 1
  1. 1.Department of Mathematics and Computer ScienceEindhoven University of TechnologyEindhovenThe Netherlands
  2. 2.Faculty of Electrical Engineering, Mathematics and Computer ScienceUniversity of TwenteEnschedeThe Netherlands

Personalised recommendations