Adaptive Policy Evaluation Framework for Flexible Service Provision

In the past decade, the framework of service policies has been established to ensure the transparency and accountability of the operations of ICT services. This is generally called a "trust framework." The framework provides trust to its participants, under which economical operations are enabled. A modern framework of services is empowered by IoT, where the environments often change over time. Here, we have to re-evaluate the policies when we observe changes in the environments. In this paper, we propose a formal model of an adaptive policy evaluation framework that reflects the trust for the evaluation policy and the collection of environmental data by IoT devices. The PDP runs under a given trust circle, receives assertions including the policies of peers, and makes a decision. Furthermore, we formalize the adaptive evaluation scheme of policies that reflects the dynamics of a trust circle, which is affected by the environment of the PDP. The Monitor plays an essential role in controlling the trust circle by sensing dynamic changes in the environment, which cause the trust circle to grow or shrink.
