Authentic Refinement of Semantically Enhanced Policies in Pervasive Systems

  • Julian Schütte
  • Nicolai Kuntze
  • Andreas Fuchs
  • Atta Badii
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 330)


Pervasive systems are characterised by networked heterogeneous devices. To fulfill the security requirements of an application, these devices have to abide by certain policies. However, as the contingent interaction between devices in all possible contexts within evolving pervasive systems devices cannot be known at development time, policies cannot be dedicated to concrete security mechanisms which might later not be supported by the devices present in the network. Therefore, policies need to be expressed at a more abstract level and refined appropriately to suit applicable mechanisms at run time. In this paper we describe how security policies can be combined with ontologies to support such an automated policy refinement. As thereby policy decisions depend on semantic descriptions, the correctness of these descriptions must be verifiable at a later time for policy decisions to be evidential. We therefore propose Trusted Computing-based approaches on generating proofs of correctness of semantic descriptions deployed in policies.


Security Policy Security Requirement Security Mechanism Semantic Knowledge Semantic Annotation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Semantic Annotations for WSDL and XML Schema. W3C Recommendation (August 2007)Google Scholar
  2. 2.
    Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–39. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Ferrini, R., Bertino, E.: Supporting RBAC with XACML+OWL. In: 14th ACM symposium on Access control models and technologies (SACMAT), pp. 145–154 (2009)Google Scholar
  4. 4.
    Horridge, M., Drummond, N., Goodwin, J., Rector, A.L., Stevens, R., Wang, H.: The manchester owl syntax. In: CEUR Workshop Proceedings. OWLED, vol. 216 (2006)Google Scholar
  5. 5.
    Kagal, L., Berners-Lee, T., Connolly, D., Weitzner, D.: Using semantic web technologies for policy management on the web. In: National Conference on Artificial Intelligence, AAAI (July 2006)Google Scholar
  6. 6.
    Klie, T., Ernst, B., Wolf, L.: Automatic policy refinement using owl-s and semantic infrastructure information. In: Proc. 2nd IEEE Int. Workshop on Modelling Autonomic Communications Environments (MACE), San Jose, US (October 2007)Google Scholar
  7. 7.
    Kagal, L.: The rein policy framework for the semantic web (2006),
  8. 8.
    Lamparter, S., Agarwal, S.: Specification of policies for automatic negotiations of web services. In: Kagal, L., Finin, T., Hendler, J. (eds.) Semantic Web and Policy Workshop, Galway, Ireland, November 2005, pp. 99–109 (2005)Google Scholar
  9. 9.
    TCG MPWG. The TCG mobile trusted module specification. TCG specification version 0.9 revision, 1Google Scholar
  10. 10.
    National Institute of Standards and Technology. Security Requirements for Cryptographic Modules. Federal Information Processing Standards Publication 140-2 (2002)Google Scholar
  11. 11.
    Patwardhan, A., Korolev, V., Kagal, L., Joshi, A.: Enforcing Policies in Pervasive Environments. In: International Conference on Mobile and Ubiquitous Systems: Networking and Services (August 2004)Google Scholar
  12. 12.
    Sadeghi, A.R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Workshop on New security paradigms, pp. 67–77 (2004)Google Scholar
  13. 13.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: Proc. of the 13th USENIX Security Symposium, pp. 223–238 (2004)Google Scholar
  14. 14.
    Stumpf, F., Fuchs, A., Katzenbeisser, S., Eckert, C.: Improving the scalability of platform attestation. In: Workshop on Scalable Trusted Computing (ACM STC 2008), Fairfax, USA, October 31, pp. 1–10. ACM Press, New York (2008)CrossRefGoogle Scholar
  15. 15.
    Toninelli, A., Montanari, R., Kagal, L., Lassila, O.: Proteus: A semantic context-aware adaptive policy model. In: IEEE 2007 International Workshop on Policies for Distributed Systems and Networks (POLICY), Bologna, Italy, June 2007. IEEE Computer Society Press, Los Alamitos (2007)Google Scholar
  16. 16.
    Tonti, G., Bradshaw, J.M., Jeffers, R., Montanari, R., Suri, N., Uszok, A.: Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 419–437. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Twidle, K., Dulay, N., Lupu, E., Sloman, M.: Ponder2: A Policy System for Autonomous Pervasive Environments. In: The Fifth International Conference on Autonomic and Autonomous Systems, ICAS 2009 (April 2009)Google Scholar
  18. 18.
    Uszok, A., Bradshaw, J.: Kaos policies for web services. In: W3C Workshop on Constraints and Capabilities for Web Services (October 2004)Google Scholar
  19. 19.
    Verma, K., Akkiraju, R., Goodwin, R.: Semantic matching of web service policies. In: Proceedings of the Second Workshop on SDWP (2005)Google Scholar
  20. 20.
    Yoshihama, S., Ebringer, T., Nakamura, M., Munetoh, S., Maruyama, H.: WS-attestation: efficient and fine-grained remote attestation on Web services. In: International Conference on Web Services (ICWS 2005), p. 750 (2005)Google Scholar
  21. 21.
    Zhang, W., Schütte, J., Ingstrup, M., Hansen, K.M.: A Genetic Algorithms-based approach for Optimized Self-protection in a Pervasive Service Middleware. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 404–419. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2010

Authors and Affiliations

  • Julian Schütte
    • 1
  • Nicolai Kuntze
    • 1
  • Andreas Fuchs
    • 1
  • Atta Badii
    • 2
  1. 1.Fraunhofer Institute for Secure Information Technology SITGermany
  2. 2.IMSS, University of ReadingUK

Personalised recommendations