DOI: 10.1145/1180337.1180342

Defeasible security policy composition for web services

Published: 03 November 2006

ABSTRACT

The ability to automatically compose security policies created by multiple organizations is fundamental to the development of scalable security systems. The diversity of policies leads to conflicts and the need to resolve priorities between rules. In this paper we explore the concept of defeasible policy composition, wherein policies are represented in defeasible logic and composition is based on rules for non-monotonic inference. This enables policy writers to assert rules tentatively; when policies are composed the policy with the firmest position takes precedence. In addition, the structure of our policies allows for composition to occur using a single operator; this allows for entirely automated composition. We argue that this provides a practical system that can be understood by typical policy writers, analyzed rigorously by theoreticians, and efficiently automated by computers. We aim to partially validate these claims here with a formulation of defeasible policy composition for web services, an emerging foundation for B2B commerce on the World Wide Web.

Reviews

Guido Governatori

Defeasible logic is a rule-based nonmonotonic logic that is now being used in the design of applications in areas where specifications are naturally expressed in terms of rules. The application investigated in this paper—the composition of security policies—is motivated by the possibility of each entity involved in a composed service defining its own set of security policies, which must be integrated into a single policy. The main idea of the paper is to supplement policies with annotations specifying metapolicies about composition. Accordingly, every set of security policies has two components: the first component encodes the actual policies, and the second component includes the annotations covering instructions about possible compositions. Given several policies to be composed, it is likely that some policies will be in conflict with each other. This is where defeasible logic plays its main role. The authors introduce an order over the sources of the policies. Then, the resulting hierarchy is used to solve the conflicts in defeasible logic theory corresponding to the composition of the policies. Pseudocodes are given for the main algorithms for the composition of policies. The paper is a good example of an application of a particular formal method to a well-defined and important area, and it should be of interest to both practitioners and scholars. The paper has two minor drawbacks: the first is that it fails to notice that conflict between different normative sets is a very well-understood aspect in the fields of artificial intelligence and law, and normative reasoning (see, among others, Prakken’s book [1]). Additionally, the authors do not discuss some other work using defeasible logic for policies, for the composition of workflow activities (or services), and for the analysis of contract clauses.

Online Computing Reviews Service

Published in

FMSE '06: Proceedings of the fourth ACM workshop on Formal methods in security
November 2006
84 pages
ISBN: 1595935509
DOI: 10.1145/1180337

Copyright © 2006 ACM


Publisher

Association for Computing Machinery, New York, NY, United States
