|
 ABSTRACT
The ability to automatically compose security policies created by multiple organizations is fundamental to the development of scalable security systems. The diversity of policies leads to conflicts and the need to resolve priorities between rules. In this paper we explore the concept of defeasible policy composition, wherein policies are represented in defeasible logic and composition is based on rules for non-monotonic inference. This enables policy writers to assert rules tentatively; when policies are composed the policy with the firmest position takes precedence. In addition, the structure of our policies allows for composition to occur using a single operator; this allows for entirely automated composition. We argue that this provides a practical system that can be understood by typical policy writers, analyzed rigorously by theoreticians, and efficiently automated by computers. We aim to partially validate these claims here with a formulation of defeasible policy composition for web services, an emerging foundation for B2B commerce on the World Wide Web.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
E. S. Al Shaer and H. H. Hamend. Discovery of policy anomalies in distributed firewalls. In IEEE INFOCOMM , 2004.
|
| |
2
|
Amazon web services. Web Page, Jan. 2006. www.amazon.com/gp/aws/landing.html.
|
| |
3
|
|
| |
4
|
|
| |
5
|
G. Antoniou, M. J. Maher, and D. Billington. Defeasible logic versus logic programming without negation as failure. Journal of Logic Programming, 42(1):47--57, 2000.
|
| |
6
|
S. Batres and C. Ferris (Editors). Web services reliable messaging policy assertion(WS-RM Policy). Specification, Feb. 2005. msdn.microsoft.com/library/en-us/dnglobspec/html/WS-RMPolicy.pdf.
|
| |
7
|
|
 |
8
|
|
| |
9
|
|
| |
10
|
|
| |
11
|
|
| |
12
|
|
| |
13
|
D. Eastlake and J. Reagle(Chairs). W3C XML-DSig working group. Web Page, Jan. 2006. www.w3.org/Signature/.
|
| |
14
|
Web services reliable messaging protocol(WS-R eliable M essaging). Specification, Feb. 2005. msdn.microsoft.com/library/en-us/dnglobspec/html/WS-ReliableMessaging.p%df.
|
| |
15
|
I. Foster, C. Kesselman, J. M. Nick, and S. Tuecke. The physiology of the grid: An open grid services architecture for distributed systems integration. In Open Grid Service Infrastructure Working Group, Global Grid Forum, Jun. 2002.
|
| |
16
|
K. Frankish. Non-monotonic inference. In The Encyclopedia of Language and Linguistics. Elsevier, second edition, 2005.
|
| |
17
|
Google web APIs. Web Page, Jan. 2006. www.google.com/apis/.
|
| |
18
|
G. Governatori, A. H. M. ter Hofstede, and P. Oaks. Defeasible logic for automated negotiation. In P. Swatman and P. M. Swatman, editors, Proceedings of CollECTeR, 2000.
|
| |
19
|
G. Governatori, A. H. M. ter Hofstede, and P. Oaks. Is defeasible logic applicable? In G. Antoniou and G. Governatori, editors, Proceedings of the 2nd Australasian Workshop on Computational Logic, pages 47--62, Brisbane January 2001. Queensland University of Technology.
|
| |
20
|
Benjamin N. Grosof , Yannis Labrou , Hoi Y. Chan, A declarative approach to business rules in contracts: courteous logic programs in XML, Proceedings of the 1st ACM conference on Electronic commerce, p.68-77, November 03-05, 1999, Denver, Colorado, United States
[doi> 10.1145/336992.337010]
|
| |
21
|
J. Halpern and V. Weissman. Using first-order logic to reason about policies. In IEEE Computer Security Foundations Workshop (CSFW '03), Jun. 2003.
|
| |
22
|
S. Horrell. Web services enhancements 2.0 support for WS-P olicy. Web Page, July 2004. msdn.microsoft.com/library/en-us/dnwse/html/wse2wspolicy.asp.
|
| |
23
|
C. Kaler and A. Nadalin (Editors). Web services federation language (WS-F ederation). Specification, Jul. 2003. www-106.ibm.com/developerworks/webservices/library/ws-fed/.
|
| |
24
|
|
| |
25
|
|
| |
26
|
|
| |
27
|
Michael J. May , Wook Shin , Carl A. Gunter , Insup Lee, Securing the drop-box architecture for assisted living, Proceedings of the fourth ACM workshop on Formal methods in security, p.1-12, November 03-03, 2006, Alexandria, Virginia, USA
[doi> 10.1145/1180337.1180338]
|
| |
28
|
|
| |
29
|
|
| |
30
|
A. Nadalin (Editor). Web services security policy language (WS-SecurityPolicy). Web Services Specification, 2002. www.verisign.com/wss/WS-SecurityPolicy.pdf.
|
| |
31
|
D. Nute. Defeasible logic. In 14th International Conference on Applications of Prolog, Oct. 2001.
|
| |
32
|
J. Reagle (Chair). W3C XML encryption working group. Web Page, Jan. 2006. www.w3.org/Encryption/2001/.
|
| |
33
|
|
| |
34
|
A. Rock. Deimos: A query answering defeasible logic system. Technical report, Griffith University, Mar. 2004 www.cit.gu.edu.au/~arock/defeasible/doc/Deimos-long.pdf.
|
| |
35
|
J. Schlimmer (Editor). Web services policy framework (WS-Policy). Web Services Specification, 2004. ftp://www6.software.ibm.com/software/developer/library/ws-policy.pdf.
|
| |
36
|
C. Sharp (Editor). Web services policy attachment (WS-P olicy A ttachment). Specification, Sept. 2004. msdn.microsoft.com/library/en us/dnglobspec/html/ws-policyattachment.as%p.
|
| |
37
|
SOAP version 1.2. W3C Recommendation, Jan. 2006. www.w3.org/TR/soap12.
|
CITED BY 2
|
|
Glenn Bruns , Daniel S Dantas , Michael Huth, A simple and expressive semantic framework for policy composition in access control, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.12-21, November 02-02, 2007, Fairfax, Virginia, USA
|
|
|
|
REVIEW
"Guido Governatori : Reviewer"
Defeasible logic is a rule-based nonmonotonic logic that is now being used in the design of applications in areas where specifications are naturally expressed in terms of rules. The application investigated in this paper—the composition of s
more...
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
I.2