Matchmaking semantic security policies in heterogeneous clouds

The adoption of the cloud paradigm to access IT resources and services has raised many security issues that need to be taken care of. Security becomes an even bigger concern when services built on top of many commercial clouds have to interoperate. Among other factors, the value of the service delivered to end customers is strongly affected by the security of the network that providers are able to build in typical SOA contexts. Currently, every provider advertises its own security strategy by means of proprietary policies, which are sometimes ambiguous and very often address the security problem from a non-uniform perspective. Even policies expressed in standardized languages do not appear to fit a dynamic scenario like SOA, where services need to be sought and composed on the fly in a way that is compatible with the end-to-end security requirements. We therefore propose an approach that leverages semantic technology to enrich standardized security policies with ad-hoc content. The semantic annotation of policies enables machine reasoning, which is then used for both the discovery and the composition of security-enabled services. In the presented approach, the semantic enrichment of policies is performed by an automatic procedure. We further developed a semantic framework capable of smartly matchmaking the security capabilities of providers with the security requirements of customers, and tested it on a use case scenario.

Semantic matchmaking of security policies in cloud environments. Security ontology for modeling security concepts. Automatic semantic annotation of WS-SecurityPolicy policies.
