Policy representation and reasoning with preferences and reactivity

Policy-based privacy protection in open decentralized information systems such as the Web attracted a lot of research effort in the last years. Policies provide a flexible means to define access control conditions, to realize advanced trust-establishment techniques, and to describe and guide the behaviour of systems. The change in the use of the Web and its movement from a static information system to a user generated, highly dynamic environment requires policy-based techniques to keep step. New requirements to policy specification and reasoning are set up because, on the one hand, users expose more and more personal data and, on the other hand, the role of the Web as a communication platform gained momentum yielding an increasing dynamicy. In this thesis, the limitations of nowadays' policy frameworks are analyzed towards two fundamental principles, the specification of preferences and the representation of reactive behaviour. Based on these observations two new approaches for policy representation and reasoning are introduced, namely preference-enabled policies and reactive policies.

[1]  Wolf-Tilo Balke,et al.  User Interaction Support for Incremental Refinement of Preference-Based Queries , 2007, RCIS.

[2]  François Bry,et al.  Semantic Techniques for the Web, The REWERSE Perspective , 2009, REWERSE.

[3]  V. S. Costa,et al.  Theory and Practice of Logic Programming , 2010 .

[4]  Arne Wolf Koesling,et al.  Exploiting Policies in an Open Infrastructure for Lifelong Learning , 2007, EC-TEL.

[5]  Emil C. Lupu,et al.  Ponder2 - A Policy Environment for Autonomous Pervasive Systems , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[6]  Emil C. Lupu,et al.  A Survey of Policy Specification Approaches , 2002 .

[7]  Daniel Schubert,et al.  An ECA Engine for Deploying Heterogeneous Component Languages in the Semantic Web , 2006, EDBT Workshops.

[8]  Ninghui Li,et al.  A formal semantics for P3P , 2004, SWS '04.

[9]  Jeff Z. Pan,et al.  The 7th International Semantic Web Conference , 2008 .

[10]  Donald Kossmann,et al.  The Skyline operator , 2001, Proceedings 17th International Conference on Data Engineering.

[11]  Eelco Herder,et al.  Exploiting Preference Queries for Searching Learning Resources , 2007, EC-TEL.

[12]  Henry Story,et al.  FOAF+TLS: RESTful Authentication for the Social Web , 2009, SPOT@ESWC.

[13]  Thomas Eiter,et al.  Towards automated integration of guess and check programs in answer set programming: a meta-interpreter and applications , 2004, Theory and Practice of Logic Programming.

[14]  Jennifer Widom,et al.  Active Database Systems: Triggers and Rules For Advanced Database Processing , 1994 .

[15]  Jan Chomicki,et al.  Preference formulas in relational queries , 2003, TODS.

[16]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[17]  Torsten Schaub,et al.  Qualitative Constraint Enforcement in Advanced Policy Specification , 2007, ECSQARU.

[18]  Bernhard Seeger,et al.  An optimal and progressive algorithm for skyline queries , 2003, SIGMOD '03.

[19]  James Bailey,et al.  Flavours of XChange, a Rule-Based Reactive Language for the (Semantic) Web , 2005, RuleML.

[20]  Elisa Bertino,et al.  TRBAC , 2001, ACM Trans. Inf. Syst. Secur..

[21]  Ninghui Li,et al.  Safety in automated trust negotiation , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[22]  Michael Eckert,et al.  Twelve Theses on Reactive Rules for the Web , 2006, EDBT Workshops.

[23]  Jack Minker,et al.  Using Priorities to Combine Knowledge Bases , 1996, Int. J. Cooperative Inf. Syst..

[24]  Piero A. Bonatti,et al.  Rule-Based Policy Representation and Reasoning for the Semantic Web , 2007, Reasoning Web.

[25]  Daniel F. Sterne,et al.  On the buzzword 'security policy' , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[26]  Axel Polleres,et al.  Enabling Trust and Privacy on the Social Web , 2009 .

[27]  B. Hamber Publications , 1998, Weed Technology.

[28]  M. F.,et al.  Bibliography , 1985, Experimental Gerontology.

[29]  Huajun Chen,et al.  The Semantic Web , 2011, Lecture Notes in Computer Science.

[30]  Norbert E. Fuchs,et al.  Semantic Web Policies - A Discussion of Requirements and Research Issues , 2006, ESWC.

[31]  Latanya Sweeney,et al.  Guaranteeing anonymity when sharing medical data, the Datafly System , 1997, AMIA.

[32]  Jorge Lobo,et al.  A Policy Description Language , 1999, AAAI/IAAI.

[33]  James A. Hendler,et al.  The Semantic Web" in Scientific American , 2001 .

[34]  H. T. Kung,et al.  On the Average Number of Maxima in a Set of Vectors and Applications , 1978, JACM.

[35]  Donald F. Towsley,et al.  Optimizing cost-sensitive trust-negotiation protocols , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[36]  Elisa Bertino,et al.  An access control model supporting periodicity constraints and temporal reasoning , 1998, TODS.

[37]  Georg Gottlob,et al.  Disjunctive datalog , 1997, TODS.

[38]  Carlo Zaniolo,et al.  Temporal aggregation in active database rules , 1997, SIGMOD '97.

[39]  Peter C. Fishburn,et al.  Preference Structures and Their Numerical Representations , 1999, Theor. Comput. Sci..

[40]  Lars Kulik,et al.  Location privacy and location-aware computing , 2006 .

[41]  Chris Hanson,et al.  Using Dependency Tracking to Provide Explanations for Policy Management , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[42]  Wolf-Tilo Balke,et al.  Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations , 2008, Secure Data Management.

[43]  Joan Feigenbaum,et al.  Compliance Checking in the PolicyMaker Trust Management System , 1998, Financial Cryptography.

[44]  Alexandra Poulovassilis,et al.  Event-Condition-Action Rule Languages for the Semantic Web , 2006, EDBT Workshops.

[45]  Oshani Seneviratne,et al.  Policy-Aware Content Reuse on the Web , 2009, International Semantic Web Conference.

[46]  Werner Kießling,et al.  Situated Preferences and Preference Repositories for Personalized Database Applications , 2004, ER.

[47]  Emil C. Lupu,et al.  Security and management policy specification , 2002, IEEE Netw..

[48]  Enrico Motta,et al.  Data Republishing on the Social Semantic Web , 2009, SPOT@ESWC.

[49]  Rina Dechter,et al.  Propositional semantics for disjunctive logic programs , 1994, Annals of Mathematics and Artificial Intelligence.

[50]  Marianne Winslett,et al.  Enforcing Safety and Consistency Constraints in Policy-Based Authorization Systems , 2008, TSEC.

[51]  José Júlio Alferes,et al.  Towards Generic Query, Update, and Event Languages for the Semantic Web , 2004, PPSWR.

[52]  Peter Sewell,et al.  Cassandra: distributed access control policies with tunable expressiveness , 2004, Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004..

[53]  Piero A. Bonatti,et al.  Advanced Policy Explanations on the Web , 2006, ECAI.

[54]  Jorge Lobo,et al.  Reasoning about Policies using Logic Programs , 2001, Answer Set Programming.

[55]  Wolfgang Faber,et al.  The DLV system for knowledge representation and reasoning , 2002, TOCL.

[56]  Jon Peterson,et al.  A Presence-based GEOPRIV Location Object Format , 2005, RFC.

[57]  Elisa Bertino,et al.  PDL with preferences , 2005, Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05).

[58]  Piero A. Bonatti,et al.  Reactive Policies for the Semantic Web , 2010, ESWC.

[59]  Jeffrey M. Bradshaw,et al.  Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder , 2003, SEMWEB.

[60]  Ilkka Niemelä,et al.  WASP WP3 Report: Language Extensions and Software Engineering for ASP , 2005 .

[61]  Wolfgang Nejdl,et al.  Rule-based Policy Specification , 2007, Secure Data Management in Decentralized Systems.

[62]  Jane Drummond Location Privacy and Location-Aware Computing , 2006 .

[63]  J. Lloyd Foundations of Logic Programming , 1984, Symbolic Computation.

[64]  John G. Breslin,et al.  Social Semantic Web , 2009, Handbook of Semantic Web Technologies.

[66]  Frank van Harmelen,et al.  A semantic web primer , 2004 .

[67]  Hong Ling,et al.  Polı , 2011 .

[68]  Joan Feigenbaum,et al.  KeyNote: Trust Management for Public-Key Infrastructures (Position Paper) , 1998, Security Protocols Workshop.

[69]  John G. Breslin,et al.  Using the Semantic Web for linking and reusing data across Web 2.0 communities , 2008, J. Web Semant..

[71]  Wolf Siberski,et al.  Guarding a Walled Garden - Semantic Privacy Preferences for the Social Web , 2010, ESWC.

[72]  José Júlio Alferes,et al.  r 3- A Foundational Ontology for Reactive Rules , 2007, OTM Conferences.

[73]  Emilio Vargas Controlled natural language policies , 2009 .

[74]  Marianne Winslett,et al.  Requirements for policy languages for trust negotiation , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[75]  Mikael Berndtsson,et al.  Design and Implementation of an ECA Rule Markup Language , 2005, RuleML.

[76]  Sharma Chakravarthy,et al.  SnoopIB: Interval-based event specification and detection for active databases , 2003, Data Knowl. Eng..

[77]  I. Niemelä,et al.  Extending the Smodels system with cardinality and weight constraints , 2001 .

[78]  Eelco Herder,et al.  What Do You Prefer? Using Preferences to Enhance Learning Technology , 2008, IEEE Transactions on Learning Technologies.

[79]  Stefano Paraboschi,et al.  Active XQuery , 2002, Proceedings 18th International Conference on Data Engineering.

[80]  Juri Luca De Coi,et al.  A Review of Trust Management, Security and Privacy Policy Languages , 2016, SECRYPT.

[81]  Morris Sloman,et al.  Policy driven management for distributed systems , 1994, Journal of Network and Systems Management.

[82]  Thomas Eiter,et al.  Uniform Equivalence of Logic Programs under the Stable Model Semantics , 2003, ICLP.

[83]  Hussein Zedan,et al.  A Compositional Event & Time-Based Policy Model , 2006, POLICY.

[84]  Marianne Winslett,et al.  Interoperable strategies in automated trust negotiation , 2001, CCS '01.

[85]  Jürgen Dix,et al.  Heterogenous Active Agents , 2000 .

[86]  Timothy W. Finin,et al.  A Policy Based Approach to Security for the Semantic Web , 2003, SEMWEB.

[87]  Eelco Herder,et al.  Hybrid Personalization For Recommendations , 2008, LWA.

[88]  Arne Wolf Koesling,et al.  Control Your eLearning Environment: Exploiting Policies in an Open Infrastructure for Lifelong Learning , 2008, IEEE Transactions on Learning Technologies.

[89]  Vladimir Lifschitz,et al.  Closed-World Databases and Circumscription , 1987, Artif. Intell..

[90]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[91]  Wolf-Tilo Balke,et al.  Incremental Trade-Off Management for Preference-Based Queries , 2007, Int. J. Comput. Sci. Appl..

[92]  Chitta Baral,et al.  Knowledge Representation, Reasoning and Declarative Problem Solving , 2003 .

[93]  André Zúquete,et al.  SPL: An Access Control Language for Security Policies and Complex Constraints , 2001, NDSS.

[94]  Jeffrey M. Bradshaw,et al.  KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[95]  Ninghui Li,et al.  OACerts: Oblivious Attribute Certificates , 2005, IEEE Transactions on Dependable and Secure Computing.

[96]  Phan Minh Dung,et al.  On the Relations between Stable and Well-Founded Semantics of Logic Programs , 1992, Theor. Comput. Sci..

[97]  Pierangela Samarati,et al.  Regulating service access and information release on the Web , 2000, CCS.

[98]  Michael Gelfond,et al.  Classical negation in logic programs and disjunctive databases , 1991, New Generation Computing.

[99]  Markus Endres,et al.  Advanced preference query processing for e-commerce , 2008, SAC '08.

[100]  Hermann A. Maurer,et al.  The Transformation of the Web: How Emerging Communities Shape the Information we Consume , 2006, J. Univers. Comput. Sci..

[101]  Piero A. Bonatti,et al.  Rule-Based Policy Representations and Reasoning , 2009, REWERSE.

[102]  Blai Bonet High-Level Planning and Control with Incomplete Information Using POMDP's , 1998 .

[104]  F. B. Vernadat,et al.  Decisions with Multiple Objectives: Preferences and Value Tradeoffs , 1994 .

[105]  Chiaki Sakama,et al.  Abducing Priorities to Derive Intended Conclusions , 1999, IJCAI.

[106]  Rebecca Montanari,et al.  Towards Socially Aware Mobile Phones , 2008, SDoW@ISWC.

[107]  José Júlio Alferes,et al.  Evolution and Reactivity for the Web , 2005, Reasoning Web.

[108]  Piero A. Bonatti,et al.  A Rule-Based Trust Negotiation System , 2010, IEEE Transactions on Knowledge and Data Engineering.

[109]  Axel Polleres,et al.  Towards Logic Programs with Ordered and Unordered Disjunction ? , 2008 .

[110]  Lorrie Faith Cranor,et al.  Web Privacy with P3p , 2002 .

[111]  Piero A. Bonatti,et al.  Driving and monitoring provisional trust negotiation with metapolicies , 2005, Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05).

[112]  Juri Luca De Coi,et al.  Using Natural Language Policies for Privacy Control in Social Platforms , 2009, SPOT@ESWC.

[113]  José Júlio Alferes,et al.  Towards Reactive Semantic Web Policies: Advanced Agent Control for the Semantic Web , 2008, International Semantic Web Conference.

[114]  Jon Doyle,et al.  Efficient utility functions for ceteris paribus preferences , 2002, AAAI/IAAI.

[115]  Werner Kießling,et al.  Foundations of Preferences in Database Systems , 2002, VLDB.

[116]  Geoffrey G. Xie,et al.  Network policy languages: a survey and a new approach , 2001, IEEE Netw..

[117]  John G. Breslin,et al.  The Future of Social Networks on the Internet: The Need for Semantics , 2007, IEEE Internet Computing.

[118]  Chiaki Sakama,et al.  Prioritized logic programming and its application to commonsense reasoning , 2000, Artif. Intell..

[119]  Elisa Bertino,et al.  Temporal Authorization Bases: From Specification to Integration , 2000, J. Comput. Secur..

[120]  Erik Duval,et al.  Services for Knowledge Resource Sharing & Management in an Open Source Infrastructure for Lifelong Competence Development , 2007, Seventh IEEE International Conference on Advanced Learning Technologies (ICALT 2007).

[121]  Gerhard Brewka,et al.  Complex Preferences for Answer Set Optimization , 2004, KR.

[122]  Marianne Winslett,et al.  No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web , 2004, ESWS.

[123]  J.L. De Coi,et al.  A Flexible Policy-Driven Trust Negotiation Model , 2007, 2007 IEEE/WIC/ACM International Conference on Intelligent Agent Technology (IAT'07).

[124]  Ilkka Niemelä,et al.  Logic Programs with Ordered Disjunction , 2004, Comput. Intell..

[125]  Ramakrishnan Srikant,et al.  An XPath-based preference language for P3P , 2003, WWW '03.

[126]  D. Olmedilla Semantic Web Policies for Security , Trust Management and Privacy in Social Networks , 2009 .

[127]  Morris Sloman,et al.  A survey of trust in internet applications , 2000, IEEE Communications Surveys & Tutorials.

[128]  K.E. Seamons,et al.  Automated trust negotiation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[129]  Michael Gelfond,et al.  Representing Action and Change by Logic Programs , 1993, J. Log. Program..

[130]  Teodor C. Przymusinski Stable semantics for disjunctive programs , 1991, New Generation Computing.

[131]  Michael Eckert,et al.  Rule-Based Composite Event Queries: The Language XChangeEQ and Its Semantics , 2007, RR.

[132]  Torsten Schaub,et al.  Towards a Classification of Preference Handling Approaches in Nonmonotonic Reasoning , 2002 .

[133]  Alexandra Poulovassilis,et al.  An event-condition-action language for XML , 2002, WWW '02.

[134]  Ilkka Niemelä,et al.  Implementing Ordered Disjunction Using Answer Set Solvers for Normal Programs , 2002, JELIA.

[135]  Steven Skiena,et al.  Implementing discrete mathematics - combinatorics and graph theory with Mathematica , 1990 .

[136]  Alexandra Poulovassilis,et al.  Event-condition-action rules on RDF metadata in P2P environments , 2006, Comput. Networks.

[137]  Nicholas R. Jennings,et al.  Knowledge-based acquisition of tradeoff preferences for negotiating agents , 2003, ICEC '03.

[138]  Wolf-Tilo Balke,et al.  Efficient Distributed Skylining for Web Information Systems , 2004, EDBT.

[139]  Mikhail J. Atallah,et al.  Point-Based Trust: Define How Much Privacy Is Worth , 2006, ICICS.

[140]  Steven Foster,et al.  The Augmented Social Network: Building identity and trust into the next-generation Internet , 2003, First Monday.