POLIPO: Policies & OntoLogies for Interoperability, Portability, and autOnomy

The POLIPO Security Framework

Situation Awareness with Systems of Systems, 2013

Systems of systems are dynamic coalitions of distributed, autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, the systems of systems paradigm has a significant impact on systems interoperability and on the security requirements of the collaborating systems. In this chapter we introduce POLIPO, a security framework that protects the information exchanged among the systems in a system of systems, while preserving systems' autonomy and interoperability. Information is protected from unauthorized access and improper modification by combining context-aware access control with trust management. Autonomy and interoperability are enabled by the use of ontology-based services. More precisely, each authority may refer to different ontologies to define the semantics of the terms used in the security policy of the system it governs and to describe domain knowledge and context information. A semantic alignment technique is then employed to map concepts from different ontologies and align the systems' vocabularies. We demonstrate the applicability of our solution with a prototype implementation of the framework for a scenario in the maritime safety and security domain.

Unified support for heterogeneous security policies in distributed systems

1998

Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been designed separately, by different people, with little, if any, knowledge of each other, and which may be governed by different security policies. A single software agent operating within such a system may find itself interacting with, or even belonging to, several subsystems, and thus be subject to several disparate policies. If every such policy is expressed by means of a different formalism and enforced with a different mechanism, the situation can get easily out of hand. To deal with this problem we propose in this paper a security mechanism that can support efficiently, and in a unified manner, a wide range of security models and policies, including: conventional discretionary models that use capabilities or access-control lists, mandatory lattice-based access control models, and the more sophisticated models and policies required for commercial applications. Moreover, under the proposed mechanism, a single agent may be involved in several different modes of interactions that are subject to disparate security policies.

Interoperable semantic access control for highly dynamic coalitions

Security and Communication Networks, 2009

A coalition consists of independent organizations that share resources and skills to achieve significant mission objectives. Dynamic coalition formations occur in response to some market demands, business requests, or disaster responses, to name a few. Partners forming a coalition are automatically selected given some business criteria and become active participants from the time the coalition is formed. Highly dynamic coalitions (HDCs) form a sub class of dynamic coalitions where the coalition formation and operation are strictly bound by time in order to provide a prompt reaction to some events. This type of dynamism poses the necessity of underlying security models and technologies allowing for automated coalition formation and operation. This paper presents a platform-driven approach to HDCs. It first defines a life cycle inherent to HDC formations, and then presents a platform-driven access control model that takes advantage of semantics of partners' requirements to provide interoperable access control to resources shared in a coalition. Coalition partners can achieve a high level of service interoperation by enhancing their access control requirements with semantics of usage, and interlinking their semantics using class relations based on standard ontology.

Ontology Based Interoperation for Securely Shared Services: Security Concept Matching for Authorization Policy Interoperability

2011

This paper addresses the problem of access control in the context of unified distributed architectures, in which a local authorization policy is not able to recognize all the terms applicable to the authorization decision requests. The approach is based on semantic interoperability between the different services of the architecture. More specifically, we present the ontology-based interoperation service (OBIS), which calculates the matching of security concepts extracted from access requests and local authorization policies. This service is then validated in an employability use case scenario.

Security policy coordination for heterogeneous information systems

Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)

Coordinating security policies in information enclaves is challenging due to their heterogeneity and autonomy. Administrators must reconcile the semantic diversity of data and security models before negotiating secure interoperation. This paper proposes an architecture that uses mediators and a primitive ticket-based authorization model to manage disparate policies in information enclaves. The formal foundation of the architecture facilitates static and dynamic analysis of global consistency and policy enforcement.

Using semantic policies for ad-hoc coalition access control

2006 Third Annual International Conference on Mobile and Ubiquitous Systems: Networking & Services, 2006

Coalition access control models are required in order to properly manage access to resources among different collaborating organizations. When these relationships are long term, inter-organizational agreements and policies can be established that can satisfy appropriate access to the resources owned by those entities. When these coalitions are spontaneous, access rights to resources among the parties in the coalition need to be specified by users and must be context dependent. A good example of this is in ad-hoc collaborative scenarios. Controlling access to private services being shared within the collaborative group is a challenge in these scenarios. This paper presents a semantic web approach in order to represent context that can be shared and used by a policy engine to form dynamic groups based on the context of the situation, as well as manage access to the private web services that each group introduces to the ad-hoc collaborative environment. The approach leverages the distributed policy framework (Rein) built on top of a rule-based reasoner (CWM).

Ontology Based Interoperation for Securely Shared Services

This paper addresses the problem of access control in the context of unified distributed architectures, in which a local authorization policy is not able to recognize all the terms applicable to the authorization decision requests. The approach is based on semantic interoperability between the different services of the architecture. More specifically, we present the ontology based interoperation service (OBIS), which calculates the matching of security concepts extracted from access requests and local authorization policies. This service is then validated in an employability use case scenario.

HiPoLDS: a security policy language for distributed systems

2012

Expressing security policies to govern distributed systems is a complex and error-prone task. Policies are hard to understand, often expressed with unfriendly syntax, making it difficult for security administrators and business analysts to create intelligible specifications. We introduce the Hierarchical Policy Language for Distributed Systems (HiPoLDS). HiPoLDS has been designed to enable the specification of security policies in distributed systems in a concise, readable, and extensible way. HiPoLDS's design focuses on decentralized execution environments under the control of multiple stakeholders. Policy enforcement employs distributed reference monitors that control the flow of information between services. HiPoLDS allows the definition of both abstract and concrete policies, expressing respectively high-level properties required and concrete implementation details to be ultimately introduced into the service implementation.

Generic Access Control Model and Semantic Mapping Between Heterogeneous Policies

International Journal of Technology Diffusion, 2018

This article aims to ensure a dynamic set up of access control policies across collaborating organizations where these organizations adopt heterogeneous access control models. To attain this objective, this contribution started with a survey on existing access control models, and their specificities on collaboration. Based on this survey, it remains that the topic on access control collaboration is still open despite the efforts made. Therefore, in this article a generic representation of access control concepts is proposed. This generic representation considers the process of semantic mapping between policies of heterogeneous access control systems. In this fact an ontology-based semantic mapping is proposed. This mapping has the advantage to optimize the…