Abstract
Tactical mobile ad-hoc networks are likely to suffer from highly restricted link capacity and intermittent connectivity loss, but must still provide secure access to services. The conditions under which services may be accessed, and the security requirements that must be maintained, will vary dynamically. Local policies will hence change on a per-node basis even when starting from a common baseline, such as when nodes obtain new information.
In this paper we describe a mechanism that allows structured security policies to incorporate such local changes while still being reconciled efficiently across tactical SOA networks, allowing policy decisions to be derived as precomputed Horn clauses or by reasoning directly over a description logic fragment. This mechanism minimises the communication overhead compared to earlier work whilst maintaining policy integrity, thereby allowing security policies to adapt to resource and network constraints and to other local knowledge such as node compromises and blacklisting.
Acknowledgments
The results described in this work were obtained as part of the EDA (European Defence Agency) project TACTICS (Tactical Service Oriented Architecture). The TACTICS project is jointly undertaken by Patria (FI), Thales Communications & Security (FR), Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie FKIE (DE), Thales Deutschland (DE), Leonardo (IT), Thales Italia (IT), Gjøvik University College (NO), ITTI (PL), Military Communication Institute (PL), and their partners, supported by the respective national Ministries of Defence under EDA Contract No. B 0980 GP.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Gkioulos, V., Wolthusen, S.D. (2016). Efficient Security Policy Reconciliation in Tactical Service Oriented Architectures. In: Doss, R., Piramuthu, S., Zhou, W. (eds) Future Network Systems and Security. FNSS 2016. Communications in Computer and Information Science, vol 670. Springer, Cham. https://doi.org/10.1007/978-3-319-48021-3_4
DOI: https://doi.org/10.1007/978-3-319-48021-3_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48020-6
Online ISBN: 978-3-319-48021-3
eBook Packages: Computer Science (R0)