Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protune Rule-based Policies on the Semantic Web Daniel Olmedilla L3S Research Center & Hannover University PUC Seminar Aug. 21st, 2007, Rio de Janeiro,

Published byEdwina Boyd Modified over 8 years ago

Similar presentations

Presentation on theme: "Protune Rule-based Policies on the Semantic Web Daniel Olmedilla L3S Research Center & Hannover University PUC Seminar Aug. 21st, 2007, Rio de Janeiro,"— Presentation transcript:

1

2 Protune Rule-based Policies on the Semantic Web Daniel Olmedilla L3S Research Center & Hannover University PUC Seminar Aug. 21st, 2007, Rio de Janeiro, Brazil

3 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 20072 Outline Introduction Policy Specification Integration of Actions  Legacy Systems  Evidences Negotiations  Filtering Cooperativeness & Verbalization Conclusions & Further Work

4 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 20073 Outline Introduction Policy Specification Integration of Actions  Legacy Systems  Evidences Negotiations  Filtering Cooperativeness & Verbalization Conclusions & Further Work

5 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 20074 Warning Policy examples Policies specify the behavior of a system and may be applied to many different areas: security, privacy, conversations, business rules, quality of service, etc. The most common application scenario is security. It covers most of the requirements from other areas. Although many of the examples used in this presentation focus on security, it should be clear all the time that its application is not restricted only to security.

6 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 20075 Introduction Warming Up: Problem Institutions and companies need to control the way they Make business Take decisions Offer their assets Etc … Generally, they need to control how decisions and actions are taken

7 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 20076 Introduction Policies Are Everywhere B2B contracts  e.g. quantity flexible contracts, late delivery penalties, etc. Negotiation  e.g. rules associated with auction mechanisms Security  e.g. access control policies Privacy  Information Collection Policies (aka “ P3P Privacy Policies”)  Obfuscation Policies Workflow management  What to do under different sets of conditions Context aware computing  What service to invoke to access a particular contextual attribute  Context-sensitive preferences [ by Norman Sadeh, Semantic Web Policy Workshop panel, ISWC 2005 ]

8 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 20077 Introduction Main Challenges Provide a framework where Behavior is flexible  Can be changed/updated -without re-coding, re-compiling, re-installing, etc… -In a costless manner Can be managed by administrators/users without needing to be computer experts Can be understood by normal users Covers as many different policies as possible

9 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 20078 Outline Introduction Policy Specification Integration of Actions  Legacy Systems  Evidences Negotiations  Filtering Cooperativeness & Verbalization Conclusions & Further Work

10 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 20079 Policy Specification A broader notion of Policy The term policy covers: Security/Privacy policies, Trust management Business rules Quality of Service directives Service-level agreements and more...

11 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200710 Policy Specification Examples Give customers younger than 26 a 20% discount on international tickets Up to 15% of network bandwidth can be reserved by paying with an accepted credit card Customers can rent a car if they are 18 or older, and exhibit a driving license and a valid credit card

12 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200711 Policy Specification Context-Sensitive Privacy & Security Pervasive Computing “My colleagues can only see the building I am in and only when they are on company premises” Enterprise Collaboration “Only disclose inventory levels to customers with past due shipments” DoD Scenarios (e.g., coalition forces) “Only disclose ship departure time after the ship has left” “Only disclose information specific to the context of ongoing joint operations” Homeland Security & Privacy (e.g., video surveillance) “Only allow for facial recognition when a crime scene is suspected” [ by Norman Sadeh, Semantic Web Policy Workshop panel, ISWC 2005 ]

13 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200712 Policy Specification Benefits from Rule Based languages Importance of declarative policy languages  To avoid ambiguous or ill-defined policies  To separate policies and mechanisms  To enable automated policy validation Proposed logic-based policy languages  To improve readability and maintenance  High-level formulation, more natural for untrained user  To express / integrate different policies (flexibility) [Bonatti, Samarati. Logics for Authorizations and Security. Logics for emerging applications of Databases, 2003 ]

14 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200713 Policy Specification Protune Example Policy (I) allow(rent(Car,Type)) ← credential (DL), DL.type:driving_license, DL.age > 18, available(Car,Type). Abbreviation Predicate Decision Predicate available(car1, ’Ford Focus’). available(car2, ’VW Polo’). available(car3, ’Opel Corsa’). Constraint Predicate Abbreviation Predicate Definition [ Bonatti, Olmedilla. Driving and Monitoring Provisional Trust Negotiation with Metapolicies. IEEE Policies for Distributed Systems and Networks, 2005 ] Evidence Constraint Predicate

15 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200714 Policy Specification Protune Example Policy (& II) Specify type with metapolicies allow(rent(Car,Type)).type:decision. available(Car,Type).type:abbreviation. Simplifies the policy Controls how the policy is used Easy extensibility More on metapolicies later

16 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200715 Outline Introduction Policy Specification Integration of Actions  Legacy Systems  Evidences Negotiations  Filtering Cooperativeness & Verbalization Conclusions & Further Work

17 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200716 Integration of Actions Exploiting “external” systems Decisions need data, information, and knowledge Each organization has its own  Already available through legacy software and data  A realistic solution must interoperate with them Third parties  Credit card sites for validity checking  Credential repositories Variety of web resources

18 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200717 Integration of Actions Policies are not (only) passive objects Policies may specify Event logging  Failed transactions must be logged  Log downloads of new articles for one week Communications and notifications  Notify the administrator about repeated login failures Workflow triggering  such as (partly) manual registration procedures i.e. Policies may specify actions To be interleaved with the decision process

19 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200718 allow(rent(Car,Type)) ← driving_license(DL), DL.age > 18, check_availability(Car,Office), notify(“New Reservation”, Car, Type, Office). check_availability(Car,Office) ← in(available(Car,Office), rdbms:query( “SELECT car, office FROM Available_Cars WHERE Type = ” & Type, “car_database”) ). notify(_,_,_,_)->actor:self. notify(Subject,Car,Type,Office)->action:“http://…/#e-mail” Integration of Actions Example Package Action: database access Who performs it? Action definition Provisional Action: send a notification

20 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200719 Integration of Actions Evidences allow(rent(Car,Type)) ← credential (DL), DL.type:driving_license, DL.age > 18, available(Car,Type). credential(C)->type:provisional. credential(C)->actor:peer. Evidence Implies that the requester discloses an evidence The actor in this case is the requester

21 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200720 Integration of Actions Strong, Soft, and Lightweight Evidence How can individuals prove their eligibility? Strong evidence (credentials)  e.g. digital credentials (id, credit cards, subscriptions) Soft evidence  e.g. numerical reputation measures  PGP, eBay,... Lightweight evidence (declarations)  e.g. “accept buttons” (copyright/license agreements)  e.g. “web forms” (authentication, registration) They should be integrated for balancing:  trust level  risk level  computational costs  usability (fetching credentials, personal assistants) E.g. micropayments vs. buying plane tickets

22 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200721 Outline Introduction Policy Specification Integration of Actions  Legacy Systems  Evidences Negotiations  Filtering Cooperativeness & Verbalization Conclusions & Further Work

23 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200722 Negotiations Access Control in open systems (I)

24 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200723 Negotiations Access Control in open systems (II) Assumption: I already know you you have a local account! Not a member?

25 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200724 Negotiations Scalability and usability issues In the absence of more flexible methods Web services have to keep accounts for all customers  Possibly >1 for some customers  Some accounts are used very few times Users have to create accounts all the time  Many passwords vs. reuse (highly vulnerable)  Needs automated password management Articulated business policies are discouraged  Because they would require continuous user intervention

26 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200725 Negotiations Privacy issues Credentials may be sensitive  Credit card numbers, SSN,... Servers cannot be trusted, in general  New services, unknown responsibles,... Credential release may be subject to server certifications Seal programs (self regulation): agree to  Follow precise practices for protecting information  Be subject to audit procedures  TRUSTe, BBBOnLine, WebTrust Seal program membership can be certified with electronic credentials

27 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200726 Negotiations Bilateral and iterative process Step 1: Alice requests a service from Amazon Step 5: Alice discloses her VISA card credential Step 4: Amazon discloses its BBB credential Step 6: Amazon grants access to the service Service BobAlice Step 2: Amazon discloses its policy for the serviceStep 3: Alice discloses her policy for VISA [Winsborough, Seamons, Jones. Automated trust negotiation. DARPA Information Survivability Conference and Exposition, IEEE Press, Jan 2000 ]

28 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200727 Negotiations Characteristics Every party can define policies to control outsiders’ use of its resources  Service access control (security)  Credential disclosure control (privacy)  Business rules Decisions are based on parties’ properties Properties are established iteratively and bilaterally by the disclosure of certificates and declarations, i.e. negotiations

29 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200728 Negotiations How to formulate requests (I) One by one? Slow  More messages (as opposed to one global request) Bad w.r.t. privacy  Not known what the next request will be  Unnecessary disclosures  After submitting n credentials you realize you miss the next Example  After submitting your id you realize your credit card is not accepted by the server

30 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200729 Negotiations How to formulate requests (II) All alternatives at once? Less messages (good!) Combinatorial explosion:  one id and one credit card  -Passport + VISA -Passport + Mastercard -... -Student card + VISA -Student card + Mastercard -... -SSN + VISA -SSN + Mastercard -...

31 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200730 Negotiations How to formulate requests (& III) Send the policy! As a compact representation of all alternatives  To download paper XY.pdf do one of the following: 1)Submit an Amazon card 2)Submit a valid id and an accepted credit card The client can  Verify that the whole condition can be satisfied  Choose the best option  Minimizing the sensitivity of disclosed information

32 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200731 Negotiations Protune Example Policy (I) allow(download(Resource)) ← public(Resource). allow(download(Resource)) ← authenticated(User), hasSubscription(User). authenticated(User) ← credential(C), C.type:’id’. authenticated(User) ← declaration([ user=User, password=P ]), passwd(User,P). hasSubscription(‘Alice’). hasSubscription(‘John’). passwd(‘Alice’,’$1234ab3’). passwd(‘John’, ‘8%&ca’). Soft evidence Private information Hard evidence Private information

33 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200732 Negotiations Policy Filtering allow(download(‘file1234.pdf’)) ? AliceAmazon allow(download(Resource)) ← authenticated(User), hasSubscription(User). authenticated(User) ← credential(C), C.type:’id’. authenticated(User) ← declaration([ user=User, password=P ]), passwd(User,P). hasSubscription(‘Alice’). hasSubscription(‘John’). passwd(‘Alice’,’$1234ab3’). passwd(‘John’, ‘8%&ca’). allow(download(Resource)) ← public(Resource). allow(download(Resource)) ← public(Resource). allow(download(Resource)) ← authenticated(User), hasSubscription(User). authenticated(User) ← credential(C), C.type:’id’. authenticated(User) ← declaration([ user=User, password=P ]), passwd(User,P). Alice does not know what authenticated means Only shared predicates blurred( ) ‘file1234.pdf’ is not public Semantic Policy Information. Usable for explanations (see later)

34 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200733 Negotiations Protune filtering metapolicies allow(download(Resource)) ← public(Resource). allow(download(Resource)) ← authenticated(User), hasSubscription(User). authenticated(User) ← credential(C), C.type:’id’. authenticated(User) ← declaration([ user=User, password=P ]), passwd(User,P). hasSubscription(‘Alice’). hasSubscription(‘John’). passwd(‘Alice’,’$1234ab3’). passwd(‘John’, ‘8%&ca’). passwd(User,Pwd)->sensitivity:private. hasSubscription(User)->sensitivity:private.

35 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200734 Outline Introduction Policy Specification Integration of Actions  Legacy Systems  Evidences Negotiations  Filtering Cooperativeness & Verbalization Conclusions & Further Work

36 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200735 Cooperativeness & Verbalization User Lacks Lack of awareness  Users ignore the policies applied by the systems they use Lack of control  Users don't know how to personalize their policies Lack of technical competence

37 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200736 Cooperativeness & Verbalization Widespread security A recent experiment: Several computers connected to the network  Different platforms and configurations With default policies: intrusion in <5 min.  Bias towards functionality With personalized policies: safe for 2 weeks  Till the end of the experiment [Avantgarde. http://www.avantgarde.com/xxxxttln.pdf ]

38 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200737 Cooperativeness & Verbalization User awareness and control Explain policies and system decisions  Make rules & reasoning intelligible to the common user Encourage people to personalize their policies  Make it easy for users to write their own rules Use natural language?  “Academic users can download the files in folder historical_data whenever their creation date precedes 1942”  Suitably restricted to avoid ambiguities  Fortunately, users spontaneously formulate rules

39 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200738 Cooperativeness & Verbalization Cooperative policy enforcement Crucial for the success of a web service  Never say (only) “no”!  Encourage first-time users  Who don't know how to use your service Explain policy decisions  Especially failures  Advanced queries: Why not Guide users  Advanced queries: How-to, What-if You can't open this door, but you can ask Alice for permission

40 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200739 Cooperativeness & Verbalization Motivation Suppose Alice's request is rejected She may want to ask questions like: Why didn't you accept my credit card? Other possible queries How-to queries What-if queries  Would I get the special discount on financial products X if I were locally employed?

41 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200740 Why-not demo Sample screenshot

42 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200741 Why-not demo Sample screenshot

43 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200742 Why-not demo After one more step...

44 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200743 I CAN’T PROVE THAT it is allowed to download paper14.pdf BECAUSE Rule [r3] is not applicable: THERE IS NO User SUCH THAT User is authenticated [details] AND Rule [r4] is not applicable: THERE IS NO User SUCH THAT User is authenticated [details] MOREOVER THERE IS NO User SUCH THAT User has paid for paper14.pdf [details] FILTERED POLICY [r3]: allow(download(Resource)) ← authenticated(User), blurred( hasSubscription(User) ). [r4]: allow(download(Resource) ← authenticated(User), paid(User,Resource). METAPOLICY allow(download(Resource)).explanation: “It is allowed to download “ & Resource. public(Resource).explanation: Resource & “ is public”. authenticated(User).explanation: User & “ is authenticated”. hasSubscription(User).explanation: User & “ has subscription”. paid(User,Resource).explanation: User & “ has paid for “ & Resource. Cooperativeness & Verbalization Why-Not Queries [ Bonatti, Olmedilla, Peer. Advance policy explanations on the web. ECAI 2006, pages 200-204, Riva del Garda, Italy, Aug-Sep 2006. IOS Press. ]

45 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200744 I CAN’T PROVE THAT it is allowed to download paper14.pdf BECAUSE Rule [r3] is not applicable: THERE IS NO User SUCH THAT User is authenticated [details] AND Rule [r4] is not applicable: THERE IS NO User SUCH THAT User is authenticated [details] MOREOVER THERE IS NO User SUCH THAT User has paid for paper14.pdf [details] FILTERED POLICY [r3]: allow(download(Resource)) ← authenticated(User), blurred( hasSubscription(User) ). [r4]: allow(download(Resource) ← authenticated(User), paid(User,Resource). METAPOLICY allow(download(Resource)).explanation: “It is allowed to download “ & Resource. public(Resource).explanation: Resource & “ is public”. authenticated(User).explanation: User & “ is authenticated”. hasSubscription(User).explanation: User & “ has subscription”. paid(User,Resource).explanation: User & “ has paid for “ & Resource. Pruning: User is not authenticated so it makes no sense to inspect her subscriptions “authenticated” depends on a credential. “hasSubscription” depends on “authenticated” Cooperativeness & Verbalization Why-Not Queries: pruned or full

46 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200745 Outline Introduction Policy Specification Integration of Actions  Legacy Systems  Evidences Negotiations  Filtering Cooperativeness & Verbalization Conclusions & Further Work

47 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200746 Conclusions & Further Work Summary Protune is a framework where Behavior is flexible  Can be changed/updated -without re-coding, re-compiling, re-installing, etc… -In a costless manner Covers as many different policies as possible Policies are rule based Allows for semantic and privacy aware negotiations  No previous shared knowledge required Produce verbalizations in order to increase user understanding

48 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200747 Conclusions & Further Work Implemented prototype Prototype available (in alpha state) Freely distributed All in java  Easily configurable, multi-thread  Legacy systems integration: RDBMS, LDAP, RDF repositories, …

49 Daniel Olmedilla Aug. 21st, 2007PUC Seminar 200748 Conclusions & Further Work Further Work Natural language policy specification Policy Engineering Tools  Specification  Validation  Visualization Stable release We search for new application scenarios and real policies !!

50 Thanks! Questions? olmedilla@L3S.de - http://www.L3S.de/~olmedilla/

Download ppt "Protune Rule-based Policies on the Semantic Web Daniel Olmedilla L3S Research Center & Hannover University PUC Seminar Aug. 21st, 2007, Rio de Janeiro,"

Similar presentations

E-shop Workshop Building an electronic storefront for your business.

E-shop Workshop Building an electronic storefront for your business.
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR.

Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR.
Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.

Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
Security Controls – What Works

Security Controls – What Works
25/10/2009Philipp Kärger1 Reactivity and Social Data: Keys to Drive Privacy Decisions in Social Network Applications* * This work was partially supported.

25/10/2009Philipp Kärger1 Reactivity and Social Data: Keys to Drive Privacy Decisions in Social Network Applications* * This work was partially supported.
Policy-Driven Negotiations and Explanations on the Semantic Web Daniel Olmedilla L3s Research Center / Hannover University CSL Seminar, SRI International.

Policy-Driven Negotiations and Explanations on the Semantic Web Daniel Olmedilla L3s Research Center / Hannover University CSL Seminar, SRI International.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke L3S Research.

Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke L3S Research.
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.

Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Advanced Semantic Web Policies ____ Preferences and Reactivity Philipp Kärger L3S Research Center, Leibniz University Hannover Research Seminar, DERI Galway,

Advanced Semantic Web Policies ____ Preferences and Reactivity Philipp Kärger L3S Research Center, Leibniz University Hannover Research Seminar, DERI Galway,
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Understanding Active Directory

Understanding Active Directory
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Similar presentations

Ads by Google