Enforcing security in semantics driven policy based networks

Security is an important requirement in scenarios such as mobile computing that allow users to form meaningful ad hoc collaborations. Traditional security solutions are not feasible for these scenarios because of the varying nature of the collaborations. We propose an extensible framework that takes the semantics of the collaboration into account and uses semantics-driven policies to enforce security. Our policies are rooted in semantic web languages, which makes them amenable to interoperability and high-level reasoning. We describe our policy-based network, which exploits packet content semantics to secure enterprise networks and the BGP routing process.
