Upload
fay-diana-boone
View
216
Download
0
Tags:
Embed Size (px)
Citation preview
Policy Description & Enforcement Languages
Anis [email protected]
sharif university of technology 2
Outline Motivation and background Related work
Rei: A RDF Schema-based language for policy specification.
KAoS: A policy representation language based on OWL.
Ponder: An object-oriented policy language for the management of distributed systems and networks.
Some issues
sharif university of technology 3
Motivation A key need for the vision of the Semantic Web a
nd Pervasive Computing to succeed is the ability to handle security and privacy and the ability to automate these protocols.
A good approach: Policy based security and privacy protection
Until recently: semantic web languages representing web content & services
Our goal: to find suitable semantic web languages to describe and reason about policies
sharif university of technology 4
Policy Advantages Automated system management &
Controlling the behavior of complex systems Allowing administrators to modify system
behavior without changing source code or requiring the consent or cooperation of the components being governed
separation of rules that govern the behavior of a system from the functionality provided by that system
sharif university of technology 5
Benefits of policy-based approaches Reusability Efficiency Extensibility Context sensitivity Verifiability Support for both simple & sophisticated
components Protection from poorly designed, buggy or
malicious components Reasoning about component behavior
sharif university of technology 6
Approach It is not feasible to expect all entities to use the
same terminology to represent security protocols and information.
This forces the use of a semantic language like RDF-S, DAML+OIL or OWL whose constructs help entities better understand the meaning of the security information.
A security framework for the Semantic Web and PerCompEnv needs to be flexible, semantically rich and simple enough to automate.
sharif university of technology 7
Possible Representation of polices on each layer Object-Oriented language
Ponder XML
XACML, P3P RDF + RDF Schema
Rei OWL (DAML + OIL)
KAoS Rules (logic)
…
sharif university of technology 8
KAoS Collection of componentized agent services compatible
with several agent frameworks : Corba, Nomads, …
KAoS domain services provide the capability for groups of software components, people, resources, and other entities to be organized into domains and subdomains to facilitate agent-agent collaboration and external policy administration.
KAoS policy services allow for the specification, management, conflict resolution, and enforcement of policies within domains. Policies are currently represented in DAML+OIL as ontologies. (soon OWL)
sharif university of technology 9
KAoS Policy Ontology
KPO (KAos Policy Ontology): distinguish between authorizations & obligations
Obligations: constraints that require some action to be performed or else serve to waive such a requirement
Authorizations: constraints that permit or forbid some action
Policy type: Positive|negative Obligation|Authorization Policy: instance of policy type Properties & Property restrictions
sharif university of technology 10
Example of DAML policy representation in KAoS Members of domain A are permitted to communicate to the
outside of its domain using encrypted communication
sharif university of technology 11
features Work with arbitrary written components Dynamic runtime policy changes Extensible to a variety of execution
platforms which policy enforcement mechanisms may be written
Robust & Adaptable – attack or failure of components
Easy-to-use policy-based administration tools: GUI for monitoring, visualizing & dynamically modifying policies at runtime
sharif university of technology 12
KPAT
KAos Policy Administration Tool Graphical tool for policy specification,
revision & application, brows and load ontologies, deconflict newly defined policies.
Policy templates: high level, domain specific abstraction
Rich set of queries
sharif university of technology 13
Conflict detection - KAoS At specification time: add new policy to d
irctory service Three types of conflict
positive vs. negative authorization positive vs. negative obligation positive obligation vs. negative authorizatio
n The algorithms rely on Stanford’s Java
Theorem Prover (JTP)
sharif university of technology 14
Policy deployment Model-KAos Domain manager: management of domains
of agents and assures policy consistency at all the levels of the domain hierarchy
Directory Service: overall policy management
Gaurds: interpret policies and pass them on to enforcers
Enforcers: platform-specific components
sharif university of technology 15
Rei: A policy language Policy framework: specification, analysis & reasoning in
PerComp The Rei deontic concept-based policy language allows u
sers to express and represent the concepts of rights, prohibitions, obligations, and dispensations. (+,- A,O in KAoS & Ponder)
Rei relies on an application-independent ontology to represent the concepts of rights, prohibitions, obligations, dispensations, and policy rules.
sharif university of technology 16
Rei elements
Policy: rules, entities, domain, (rights,…)
Basic ontology include actions: unique action ID, target obj, pre-defined cond, effects
Speech acts: dynamically exchange rights & obligations between entities
Meta-policies: resolve policy conflicts
sharif university of technology 17
Example of Rei policy specification Rei’s concepts of rights, permissions, obligati
ons, dispensations, and policy rules are represented as Prolog predicates.
NO GUI Role-based access control policies
sharif university of technology 18
Reasoning - Rei The Rei framework provides a policy engine tha
t reasons about the policy specifications. The engine accepts policy specification in both the R
ei language and in RDF-S, consistent with the Rei ontology.
RDF to (subject, predicate, object) The engine is consistent and complete and allo
ws queries according to the Prolog language about any policies, meta-policies, and domain dependent knowledge that have been loaded in its knowledge base.
sharif university of technology 19
Conflict detection - Rei Modality conflicts +overlap in subject, tar
get & action Meta Policies
Setting priorities between policies or rules Setting modality precedence
sharif university of technology 20
Policy deployment model-Rei
Policy engine: reason about policies & reply to queries
No enforcement model No protection from malicious or non-
compliant components or agents
sharif university of technology 21
Ponder Declarative object-oriented language Specification of management policies for distributed
object systems
Basic Policy: rules governing choices in system behavior Set of subjects and set of targets with management
responsibility: have the authority to initiate a management decision
Composite Policy: grouping basic policies of organization Role: groups of policies governing the behavior of the
same subject by specifying its rights & duties Relationship: right & duties of rules towards each other
sharif university of technology 22
Ponder policy Two fundamental policy types
obligation authorization
obligation: the actions that policy subjects must perform on target entities when specific relevant events occurs
authorization: what operations a subject is authorized to do on target objects
Management domains: group of objects to which policies apply
sharif university of technology 23
Policy specification
Type policy: user defined policy types Parameterized : context specific Policy instances No default rules: permit or forbid
action?
sharif university of technology 24
An example of Ponder authorization policy
The policy specifies that the professor principals have read access to all the exercise files of their students only during the opening hours of the school, i.e. from 7 am to 7 pm and from Monday to Friday.
sharif university of technology 25
Ponder tools Ponder provides various graphical
tools for editing, updating, removing, and browsing Ponder policies.
There are also tools for syntactic and semantic analysis of policy specifications and for transforming Ponder language specifications directly into XML or Java code that can be interpreted at runtime.
sharif university of technology 26
Conflict detection - Ponder A prototype conflict detection tool to detect
overlaps and conflicts between policies. Modality conflicts: policies with modalities of
opposite signs that refer to the same subjects, targets & actions
Ex: conflicts between permissions & prohibitions or between obligations and prohibitions
Application specific conflicts: policy content & external criteria
Ex: conflict between an obligation to access a resource and a limitation on the resource availability
sharif university of technology 27
Policy deployment model-Ponder Policy specification Ponder compiler: java class, java object Runtime changes not possible Distribution and enforcement model:
distinguish between authorization and obligation policies
Specification of the interfaces for enforcement agents but NO implementation
Some systems implement in application domain
sharif university of technology 28
Issues Choice should be driven by the characteristics of the application
domain and by Simplicity, readability, analyzability scalability and enforceability requirements
Ontology advantages: Complex systems: multiple levels of abstraction Description of the environment using concepts: simplifying the desc
ription, facilitating analysis & reasoning, conflict detection Simplify the access to policy information: quering the ontology acco
tding its schema dynamically calculating relations between policies and environment Sharing: negotiate between entities and agree
Technical difficulties Complex syntax Long declarative description Hyperlinks & references to external resources (Ponder, DAML) Gap between specifiactionand implementation of policies
sharif university of technology 29
References G. Tonti, etc, "Semantic Web Languages for Policy Representat
ion and Reasoning: A Comparison of KAos, Rei, and Ponder", ISWC'03, 2003
A. Uszok, etc, "KAoS Policy and Domain Services: Toward a Description-Logic Approach to Policy Representation, Deconfliction, and Enforcement", Policy'03, 2003
L. Kagal, etc, "A Policy Based Approach to Security for the Semantic Web", ISWC'03, 2003
N. Damianou, etc, "The Ponder Policy Specification Language", Policy'01, 2001
T. Finin, etc, "Agents, Trust, and Information Access on the Semantic Web", ACM SIGMOD Record, 2002
Y. Hu, etc, "Trust on the Semantic Web Pyramid: Some Issues and Challenges", ISWC'03, 2003
L. Kagal, etc, "Authorization and Privacy for Semantic Web Services", IEEE Computer Society, 2004