Interleaving Semantic Web Reasoning and Service Discovery to Enforce Context-Sensitive Security and Privacy Policies

Abstract : Enforcing rich policies in open environments will increasingly require the ability to dynamically identify external sources of information necessary to enforce different policies (e.g. finding an appropriate source of location information to enforce a location-sensitive access control policy). In this paper, we introduce a semantic web framework and a meta-control model for dynamically interleaving policy reasoning and external service discovery and access. Within this framework, external sources of information are wrapped as web services with rich semantic profiles allowing for the dynamic discovery and comparison of relevant sources of information. Each entity (e.g. user, sensor, application, or organization) relies on one or more Policy Enforcing Agents responsible for enforcing relevant privacy and security policies in response to incoming requests. These agents implement meta-control strategies to dynamically interleave semantic web reasoning and service discovery and access. The paper also presents preliminary empirical results. This research has been conducted in the context of myCampus, a pervasive computing environment aimed at enhancing everyday campus life at Carnegie Mellon University. The framework presented can be extended to a range of other applications requiring the enforcement of context-sensitive policies (e.g. virtual enterprises, coalition forces, homeland security, etc.).

[1]  Takahiro Kawamura,et al.  Semantic Matching of Web Services Capabilities , 2002, SEMWEB.

[2]  Jinghai Rao,et al.  Semantic Web Service Composition via Logic-based Program Synthesis , 2004 .

[3]  Ernest Friedman Hill,et al.  Jess in Action: Java Rule-Based Systems , 2003 .

[4]  Arthur H. M. ter Hofstede,et al.  What's in a Service? , 2002, Distributed and Parallel Databases.

[5]  Marc Langheinrich,et al.  The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .

[6]  Anupam Joshi,et al.  A Secure Infrastructure for Service Discovery and Access in Pervasive Computing , 2003, Mob. Networks Appl..

[7]  Norman Sadeh,et al.  Creating an Open Agent Environment for Context-Aware M-Commerce , 2002 .

[8]  Jeff Heflin,et al.  An Evaluation of Knowledge Base Systems for Large OWL Datasets , 2004, SEMWEB.

[9]  Mihhail Matskin,et al.  Composition of Semantic Web services using Linear Logic theorem proving , 2006, Inf. Syst..

[10]  Peter Steenkiste,et al.  Implementing access control to people location information , 2004, SACMAT '04.

[11]  Steve Taylor,et al.  Towards a Semantic Web Security Infrastructure , 2004 .

[12]  H. Lan,et al.  SWRL : A semantic Web rule language combining OWL and ruleML , 2004 .

[13]  Peter F. Patel-Schneider,et al.  Enabling context-aware and privacy-conscious user data sharing , 2004, IEEE International Conference on Mobile Data Management, 2004. Proceedings. 2004.

[14]  James A. Hendler,et al.  Trust Networks on the Semantic Web , 2003, WWW.

[15]  Fabien L. Gandon,et al.  Semantic web technologies to reconcile privacy and context awareness , 2003, Journal of Web Semantics.

[16]  Lujo Bauer,et al.  A General and Flexible Access-Control System for the Web , 2002, USENIX Security Symposium.

[17]  Timothy W. Finin,et al.  Authorization and privacy for semantic Web services , 2004, IEEE Intelligent Systems.

[18]  Timothy W. Finin,et al.  Security for DAML Web Services: Annotation and Matchmaking , 2003, SEMWEB.

[19]  Kent E. Seamons,et al.  Mobile Trust Negotiation - Authentication and Authorization in Dynamic Mobile Networks , 2004, Communications and Multimedia Security.

[20]  Marianne Winslett,et al.  How to Exploit Ontologies for Trust Negotiation , 2004, Trust@ISWC.

[21]  Jos de Bruijn,et al.  Web Service Modeling Ontology , 2005, Appl. Ontology.

[22]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[23]  Arthur H. M. ter Hofstede,et al.  What's in a service? Towards accurate description of non-functional service properties , 2002 .

[24]  Fabien L. Gandon,et al.  A Semantic E-Wallet to Reconcile Privacy and Context Awareness , 2003, SEMWEB.

[25]  Lujo Bauer,et al.  Device-Enabled Authorization in the Grey System ¶ , 2006 .

[26]  Fabien L. Gandon,et al.  Ambient Intelligence: The MyCampus Experience , 2005 .

[27]  Lorrie Faith Cranor,et al.  The platform for privacy preferences , 1999, CACM.

[28]  Andreas Matheus,et al.  How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[29]  Yun Peng,et al.  On Homeland Security and the Semantic Web: A Provenance and Trust Aware Inference Framework , 2005, AAAI Spring Symposium: AI Technologies for Homeland Security.

[30]  Earnest J. Friedman-hill Jess in Action: Java Rule-Based Systems , 2003 .

[31]  Jeffrey M. Bradshaw,et al.  Policy and Contract Management for Semantic Web Services , 2004 .

[32]  Timothy W. Finin,et al.  A policy language for a pervasive computing environment , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.