Authentic Refinement of Semantically Enhanced Policies in Pervasive Systems

Pervasive systems are characterised by networked heterogeneous devices. To fulfill the security requirements of an application, these devices have to abide by certain policies. However, as the contingent interaction between devices in all possible contexts within evolving pervasive systems cannot be known at development time, policies cannot be tied to concrete security mechanisms, which might later not be supported by the devices present in the network. Therefore, policies need to be expressed at a more abstract level and refined appropriately to suit applicable mechanisms at run time. In this paper we describe how security policies can be combined with ontologies to support such automated policy refinement. Because policy decisions then depend on semantic descriptions, the correctness of these descriptions must be verifiable at a later time for policy decisions to be evidential. We therefore propose Trusted Computing-based approaches for generating proofs of correctness of the semantic descriptions deployed in policies.
