Policy reasoning A policy is a set of norms that define optimal behavior of agents in a system What does policy reasoning usually entail ? Proving that.

Slides:



Advertisements
Similar presentations
Dr. Leo Obrst MITRE Information Semantics Information Discovery & Understanding Command & Control Center February 6, 2014February 6, 2014February 6, 2014.
Advertisements

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Continuous Compliance Assurance for Trusted Information Sharing: A Research Framework Bonnie W. Morris College of Business & Economics
The KB on its way to Web 2.0 Lower the barrier for users to remix the output of services. Theo van Veen, ELAG 2006, April 26.
Semantic Web and Web Mining: Networking with Industry and Academia İsmail Hakkı Toroslu IST EVENT 2006.
Bootstrapping Privacy Compliance in Big Data System Shayak Sen, Saikat Guha et al Carnegie Mellon University Microsoft Research Presenter: Cheng Li.
Systems Engineering Foundations of Software Systems Integration Peter Denno, Allison Barnard Feeney Manufacturing Engineering Laboratory National Institute.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
1 Where do spatial context-models end and where do ontologies start? A proposal of a combined approach Christian Becker Distributed Systems Daniela Nicklas.
Semantic Web Technologies Lecture # 2 Faculty of Computer Science, IBA.
MDC Open Information Model West Virginia University CS486 Presentation Feb 18, 2000 Lijian Liu (OIM:
1 1 Interoperating: MIT’s Fusion Center Prototype & JHU/APL’s Back End Attribute Exchange (Identity Management Testbed) January 2013.
DECISION SUPPORT SYSTEM ARCHITECTURE: The data management component.
1 DataSpace MIT Decentralized Information Group Tim Berners-LeeDanny Weitzner Lalana KagalGerry Sussman Hal Abelson Visitors: Joe Pato (HP)Latanya Sweeney.
Semantic Interoperability Berlin, 25 March 2008 Semantically Enhanced Resource Allocator Marc de Palol Jorge Ejarque, Iñigo Goiri, Ferran Julià, Jordi.
Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)
Chapter 2. Core Defense Mechanisms. Fundamental security problem All user input is untrusted.
A bad case of content reuse Validator Website to Validate License Violations Validator – Only requires the URI of the site to check This work by Oshani.
A bad case of content reuse Validator Website to Validate License Violations Validator – Only requires the URI of the site to check for a license violation.
Page 1 Alliver™ Page 2 Scenario Users Contents Properties Contexts Tags Users Context Listener Set of contents Service Reasoner GPS Navigator.
Access Control for Federation of Emulab-based Network Testbeds Ted Faber, John Wroclawski 28 July 2008
Privacy Framework for RDF Data Mining Master’s Thesis Project Proposal By: Yotam Aron.
Semantic Language E-Learning Platform Martin Jovanović, Milena Stanković, Dejan Todosijević CIITLab, Faculty of Electronic Engineering Niš.
Windows Role-Based Access Control Longhorn Update
Dr. Bhavani Thuraisingham The University of Texas at Dallas Trustworthy Semantic Webs March 25, 2011 Data and Applications Security Developments and Directions.
ES component and structure Dr. Ahmed Elfaig The production system or rule-based system has three main component and subcomponents shown in Figure 1. 1.Knowledge.
Introduction to Semantic Web Service Architecture ► The vision of the Semantic Web ► Ontologies as the basic building block ► Semantic Web Service Architecture.
Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.
Semantic Clipboard User Interface is integrated in the Browser Architecture of the Semantic Clipboard Illustration of a license incompliant content reuse.
Validator Website to Validate URI License Violations Validator – Only requires the URI of the site to check A bad case of content reuse This work by Oshani.
EMIRES Czech. 2 INSPIRE & its requirements Geographic information needed for good governance at all levels should be abundant and widely available under.
Trustworthy Semantic Webs Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #4 Vision for Semantic Web.
1 Discussion of “Computer- Assisted Tools for Auditing XBRL- Related Documents” Symposium on Information Integrity & Information Systems Assurance David.
Computational Policies in a Need to Share Environment Tim Finin University of Maryland, Baltimore County SemGrail workshop, Redmond WA, 21 June 2007.
Coding Compliance Components Writing Custom Policies for Auditing, Expiration and More Jason Morrill Program Manager Windows SharePoint Services.
1 Web Services Policy Management Greg Pavlik Web Services Architect Oracle Corporation May 11, 2005.
ShareNet Integrating Trust and Privacy policy Li Ding.
Explainable Adaptive Assistants Deborah L. McGuinness, Tetherless World Constellation, RPI Alyssa Glass, Stanford University Michael Wolverton, SRI International.
The Semantic Web. What is the Semantic Web? The Semantic Web is an extension of the current Web in which information is given well-defined meaning, enabling.
A Portrait of the Semantic Web in Action Jeff Heflin and James Hendler IEEE Intelligent Systems December 6, 2010 Hyewon Lim.
Glossary WMS – OGC Web Mapping Services WFS – OGC Web Feature Services XML- Extensible Markup Language OGC – Open GIS Consortium ADN –
Semantic Data Extraction for B2B Integration Syntactic-to-Semantic Middleware Bruno Silva 1, Jorge Cardoso 2 1 2
SALUS Semantic Middleware SALUS Advisory Board Meeting - January 17, 2013.
Distributed Archives Interoperability Cynthia Y. Cheung NASA Goddard Space Flight Center IAU 2000 Commission 5 Manchester, UK August 12, 2000.
Selected Semantic Web UMBC CoBrA – Context Broker Architecture  Using OWL to define ontologies for context modeling and reasoning  Taking.
Project Undertaken By, Anita.K Subalakshmi.S Suseela.J.S Guide: Mrs.M.J.Jeyasheela Rakkini AP/CSE Third Review.
Building a Sound Security and Compliance Environment for Dynamics AX Frank Vukovits Dennis Christiansen Fastpath, Inc.
Anupam Joshi University of Maryland, Baltimore County Joint work with Tim Finin and several students Computational/Declarative Policies.
Semantic Web Technologies Readings discussion Research presentations Projects & Papers discussions.
Internet The internet is the largest computer network system in the world. It consists of many smaller networks connected together by a global public.
E-Business Infrastructure PRESENTED BY IKA NOVITA DEWI, MCS.
Chris Menegay Sr. Consultant TECHSYS Business Solutions
Middleware independent Information Service
Policy Aware Content Reuse on the Web
Forefront Security ISA
Using Semantic Web Data: Proof
PEM PAL IA COP Internal Control Working Group COSO Principles
Daniel Amyot and Jun Biao Yan
Continuous Automated Chatbot Testing
Distributed and Grid Computing Research Group
Knowledge Based Workflow Building Architecture
Introducing Semantic Web Technologies:
Scalable and Efficient Reasoning for Enforcing Role-Based Access Control
AINTNO: Demonstration of Information Accountability on the Web
Semantic Markup for Semantic Web Tools:
Scalable and Efficient Reasoning for Enforcing Role-Based Access Control
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
전문가 시스템(Expert Systems)
[Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU]
Subject Name: SOFTWARE ENGINEERING Subject Code:10IS51
Presentation transcript:

Policy reasoning A policy is a set of norms that define optimal behavior of agents in a system What does policy reasoning usually entail ? Proving that requests made by a client are compliant with policies Usually for upfront/a-priori authorization

Why is policy compliance insufficient ? In several application contexts, strictly enforced, before-the-fact authorization of every action is insufficient Difficult to prevent information extraction, integration and sharing in decentralized systems such as the Web using authorization Sometimes it is more appropriate to analyze actions after-the-fact and hold policy violators accountable Unexpected circumstances No single action leads to a violation but a combination of actions does User is authorized to access resource/data but misuses it after getting access

Information Accountability What is Information Accountability Determining the purpose for which data was used and inferring whether the use was inappropriate Requires augmenting Web information with data about provenance and usage policies, and creating automated means for maintaining that provenance and interpreting policies. Accountability framework requirements expressive policy language and reasoner logging and provenance middleware justification generation and interface Image courtesy of Adventure Quest http://www.battleon.com/

Image courtesy of http://www.cartoonbank.com/ AIR Policy Language a machine-understandable policy language Semantic Web technologies for shared model of queries and policies Why Semantic Web ? Need to ground terms on common models of data and knowledge so that data can be exchanged and used between different systems with some assurance of its meaning Semantic Web technologies offer several advantages shared model of discourse global unique identifiers open & dynamic interoperability - mapping between concepts and instances possible Image courtesy of http://www.cartoonbank.com/ 4

Part of justification generated by reasoner AIR Reasoner Production-rule system in python Uses dependency tracking to generate justifications for compliant and non- compliant queries Part of justification generated by reasoner

Justification User Interface AIR reasoner generates proofs of compliance and non-compliance Proofs are not easy to understand Graphical justification interface that provides an explorable structured natural language explanation for policy compliance and non- compliance Part of Tabulator, a Semantic Web browser Available as a Firefox extension Image courtesy http://clip.dia.fi.upm.es/~logalg/slides/

Usecase: Sharing of Data in Fusion Centers Sender: Mia Analysa of Commonwealth Fusion Center Data: Request for Information regarding Robert Guy Receiver: Fedd Agenti of DHS Is this allowed under policies of involved parties ?

Interface to make queries

Policy reasoning result in Justification UI

Exploring Policy Reasoning Results

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.