Security Policies in Dynamic Service Compositions

The paradigm of service composition emerged in the context of service-oriented architectures, where it mainly referred to creating value-added services from combinations of individual services. Nowadays, service composition is becoming more and more dynamic and is turning into a part of pervasive systems. One of the major challenges in this context is to fulfill the security requirements of all involved parties without requiring human interaction to negotiate protection level agreements. In this paper, we propose an approach for composing, on the fly, the access control decisions and obligations required by equitable policy domains. We show that our approach allows policy-compliant collaboration without requiring the peers to reveal their individual rules, and we confirm its practicability with a prototype.
