Skip to main content
SpringerLink
Log in

The POLIPO Security Framework

  • Chapter
  • First Online:
Situation Awareness with Systems of Systems

  • 1364 Accesses

Abstract

Systems of systems are dynamic coalitions of distributed, autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, the systems of systems paradigm has a significant impact on systems interoperability and on the security requirements of the collaborating systems. In this chapter we introduce POLIPO, a security framework that protects the information exchanged among the systems in a system of systems, while preserving systems’ autonomy and interoperability. Information is protected from unauthorized access and improper modification by combining context-aware access control with trust management. Autonomy and interoperability are enabled by the use of ontology-based services. More precisely, each authority may refer to different ontologies to define the semantics of the terms used in the security policy of the system it governs and to describe domain knowledge and context information. A semantic alignment technique is then employed to map concepts from different ontologies and align the systems’ vocabularies. We demonstrate the applicability of our solution with a prototype implementation of the framework for a scenario in the maritime safety and security domain.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Becker MY, Sewell P (2004) Cassandra: distributed access control policies with tunable expressiveness. In: Proceedings of the 5th IEEE international workshop on policies for distributed systems and networks, POLICY’04, Washington, DC, USA. IEEE Computer Society, Los Alamitos, pp 159–168

    Google Scholar 

  2. Bhatti R, Bertino E, Ghafoor A (2005) A trust-based context-aware access control model for web-services. Distrib Parallel Database 18(1):83–105

    Article  Google Scholar 

  3. Blaze M, Feigenbaum J, Lacy J (1996) Decentralized trust management. In: Proceedings of the 1996 IEEE symposium on security and privacy, SP’96. IEEE Computer Society, Los Alamitos, pp 164–173

    Google Scholar 

  4. Böhm K, Etalle S, den Hartog J, Hütter C, Trabelsi S, Trivellato D, Zannone N (2010) Flexible architecture for privacy-aware trust management. J Theor Appl Electron Commer Res 5(2):77–96

    Article  Google Scholar 

  5. Czenko M, Etalle S (2007) Core TuLiP logic programming for trust management. In: Proceedings of the 23rd international conference on logic programming, ICLP’07, Porto, Portugal. Lecture notes in computer science, vol. 4670. Springer, Berlin, pp 380–394

    Google Scholar 

  6. Dersingh A, Liscano R, Jost A (2008) Context-aware access control using semantic policies. Ubiquitous Comput Commun J (UBICC) 3:19–32. Special issue on autonomic Computing Systems and Applications

    Google Scholar 

  7. Doan A, Madhavan J, Dhamankar R, Domingos P, Halevy A (2003) Learning to match ontologies on the semantic web. VLDB J 12(4):303–319

    Article  Google Scholar 

  8. Frikken K, Atallah M, Li J (2006) Attribute-based access control with hidden policies and hidden credentials. IEEE Trans Comput 55:1259–1270

    Article  Google Scholar 

  9. Heeps S, Sventek J, Dulay N, Filho AS, Lupu E, Sloman M, Strowes S (2007) Dynamic ontology mapping for interacting autonomous systems. In: Proceedings of the 2nd international workshop on self-organizing systems, IWSOS’07, The Lake District, UK. Lecture notes in computer science, vol 4725. Springer, Berlin, pp 255–263

    Google Scholar 

  10. Horrocks I, Patel-Schneider PF, Bechhofer S, Tsarkov D (2005) OWL rules: a proposal and prototype implementation. J Web Semant 3(1):23–40

    Article  Google Scholar 

  11. Kagal L, Paolucci M, Srinivasan N, Denker G, Finin T, Sycara K (2004) Authorization and privacy for semantic web services. IEEE Intell Syst 19(4):50–56

    Article  Google Scholar 

  12. Li N, Mitchell JC, Winsborough WH (2002) Design of a role-based trust-management framework. In: Proceedings of the 2002 IEEE symposium on security and privacy, SP’02, Washington, DC, USA. IEEE Computer Society, Los Alamitos, pp 114–130

    Google Scholar 

  13. Li N, Winsborough WH, Mitchell JC (2003) Distributed credential chain discovery in trust management. J Comput Secur 11(1):35–86

    Google Scholar 

  14. Nejdl W, Olmedilla D, Winslett M (2004) PeerTrust: automated trust negotiation for peers on the semantic web. In: Proceedings of the 2004 VLDB workshop on secure data management, SDM’04. Lecture notes in computer science, vol 3178. Springer, Berlin, pp 118–132

    Google Scholar 

  15. Ngan LD, Hang TM, Goh AES (2006) Semantic similarity between concepts from different OWL ontologies. In: Proceedings of the 5th IEEE international conference on industrial informatics, INDIN’06. IEEE Computer Society, Los Alamitos, pp 618–623

    Google Scholar 

  16. Nguyen HA, Al-Mubaid H (2006) A Combination-based semantic similarity measure using multiple information sources. In: Proceedings of the 2006 IEEE international conference on information reuse and integration, IRI’06. IEEE Systems, Man, and Cybernetics Society, Piscataway, pp 617–621

    Google Scholar 

  17. OASIS (2005) eXtensible Access Control Markup Language (XACML) Version 2.0. Technical report, OASIS standard. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf

  18. OASIS (2006) Reference model for service oriented architecture 1.0. OASIS standard. http://docs.oasis-open.org/soa-rm/v1.0/soa-rm.pdf

  19. Seamons KE, Winslett M, Yu T (2001) Limiting the disclosure of access control policies during automated trust negotiation. In: Proceedings of the network and distributed system security symposium, NDSS’01, San Diego, CA, USA. The Internet Society, Reston

    Google Scholar 

  20. Stine K, Kissel R, Barker WC, Lee A, Fahlsing J (2008) Guide for mapping types of information and information systems to security categories. Special publication SP 800–60 Rev. 1. National Institute of Standards and Technology (NIST), Gaithersburg

    Google Scholar 

  21. Trivellato D, Spiessens F, Zannone N, Etalle S (2009) POLIPO: Policies & OntoLogies for Interoperability, Portability, and Autonomy. In: 10th IEEE international symposium on policies for distributed systems and networks (POLICY’09). IEEE Computer Society, Los Alamitos, pp 110–113

    Google Scholar 

  22. Trivellato D, Spiessens F, Zannone N, Etalle S (2009) Reputation-based ontology alignment for autonomy and interoperability in distributed access control. In: IEEE international conference on computational science and engineering (CSE’09), vol 3. IEEE Computer Society, Los Alamitos, pp 252–258

    Google Scholar 

  23. Trivellato D, Zannone N, Etalle S (2010) GEM: a distributed goal evaluation algorithm for trust management. Computer science report CS 10–15, Eindhoven University of Technology. http://alexandria.tue.nl/repository/books/695281.pdf

  24. Trivellato D, Zannone N, Etalle S (2011) A security framework for systems of systems. In: 12th IEEE international conference on policies for distributed systems and networks (POLICY’11). IEEE Computer Society, Los Alamitos, pp 182–183

    Google Scholar 

  25. Trivellato D, Zannone N, Etalle S (2011) Poster: protecting information in systems of systems. In: Chen Y, Danezis G, Shmatikov V (eds) 18th ACM conference on computer and communications security (CCS’11). ACM, New York, 2011, pp 865–868

    Chapter  Google Scholar 

  26. Uszok A, Bradshaw JM, Johnson M, Jeffers R, Tate A, Dalton J, Aitken S (2004) KAoS policy management for semantic web services. IEEE Intell Syst 19(4):32–41 (2004)

    Article  Google Scholar 

Download references

Acknowledgements

This research has been carried out as a part of the Poseidon project at Thales under the responsibilities of the Embedded Systems Institute (ESI). This project is partially supported by the Dutch Ministry of Economic Affairs under the BSIK program.

Author information

Authors and Affiliations

  1. Department of Mathematics and Computer Science, Eindhoven University of Technology, Eindhoven, The Netherlands

    Daniel Trivellato, Sandro Etalle, Erik Luit & Nicola Zannone

  2. Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, Enschede, The Netherlands

    Sandro Etalle

Authors
  1. Daniel Trivellato
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sandro Etalle
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Erik Luit
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nicola Zannone
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Daniel Trivellato .

Editor information

Editors and Affiliations

  1. , TU/e Campus, Laplace building 0.10, Embedded Systems Institute, Den Dolech 2, 5600 MB, Eindhoven, Netherlands

    Piërre van de Laar

  2. , TU/e Campus, Laplace building 0.10, Embedded Systems Institute, Den Dolech 2, Eindhoven, 5600 MB, Netherlands

    Jan Tretmans

  3. , TU/e Campus, Laplace building 0.10, Embedded Systems Institute, Den Dolech 2, Eindhoven, 5600 MB, Netherlands

    Michael Borth

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer Science+Business Media New York

About this chapter

Cite this chapter

Trivellato, D., Etalle, S., Luit, E., Zannone, N. (2013). The POLIPO Security Framework. In: van de Laar, P., Tretmans, J., Borth, M. (eds) Situation Awareness with Systems of Systems. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-6230-9_12

Download citation

  • DOI: https://doi.org/10.1007/978-1-4614-6230-9_12

  • Published:

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-6229-3

  • Online ISBN: 978-1-4614-6230-9

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation