Who does what in the area of DAML security?

Who wants what from DAML-Sec (open problems)?

Application scenarios – use cases

What security aspects of your application do you want to capture with DAML-security?

Ontologies?

What is being marked up (agent, service, web page, …)?

How are DAML security ontologies or mark-up being used (agents, reasoning engines, …)?

Tools?

How would it help?

Determine “value added”

Is security relevant to DAML?

Use COTS security techniques to secure the DAML infrastructure

YES

Is DAML relevant to security?

State and enforce security solutions (expressiveness of DAML)

YES

DAML-Sec is for

Security models in DAML (DAML as a KR language)

Mark-up of resources (DAML as a mark-up language)

Value added

Assume: an ontology to talk about vulnerability detection, and you express your security measures in terms of that ontology.

Then: new attacks/vulnerabilities and their countermeasures can be described in this ontology (worst case: the ontology needs to be extended).

Thus: ontology-based systems adapt faster to new situations.

Value added

Assume: a translation of high-level policies to low-level processes (e.g., using ontology mapping or refinement mechanisms).

Such a relation could be used for:

Interpreting what implications changes in low-level services have for the high-level policy (e.g., monitoring system behavior, detecting an intrusion, and translating it into a statement about a policy violation)

Reasoning about whether a low-level process satisfies a high-level policy

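The two "value added" claims above can be made concrete with a few lines of code. The following is an added example, not part of the original slides and not DAML-Sec project code: a minimal ontology kept as subject/predicate/object triples (the subClassOf triples stand in for the rdfs:subClassOf statements a DAML ontology would carry), countermeasures and high-level policies stated against ontology classes rather than individual attacks, and subclass inference used both to apply an existing countermeasure to a newly described attack and to translate a low-level monitoring event into a policy-violation statement. All class, policy and countermeasure names, and the sample IDS alert, are constructed for illustration.

```python
"""Added example (not from the original slides): a tiny DAML-style ontology
as (subject, predicate, object) triples, with subclass inference used to
(1) apply countermeasures stated against an ontology class to a newly
added attack subclass, and (2) interpret a low-level monitoring event as a
statement about a high-level policy. All names are hypothetical."""

from collections import deque

# Constructed ontology: attack classes and their hierarchy. "subClassOf"
# is the only relation reasoned over (transitive closure below).
ONTOLOGY = {
    ("BufferOverflow", "subClassOf", "MemoryCorruption"),
    ("MemoryCorruption", "subClassOf", "CodeExecution"),
    ("CodeExecution", "subClassOf", "Attack"),
    ("PasswordGuessing", "subClassOf", "AuthenticationAttack"),
    ("AuthenticationAttack", "subClassOf", "Attack"),
}

# Security measures are expressed in terms of ontology classes, not
# individual attacks, so they carry over to any subclass by inference.
COUNTERMEASURES = {
    "MemoryCorruption": "enable non-executable stack / stack canaries",
    "AuthenticationAttack": "lock account after N failed logins",
}

# High-level policies, each refined to the ontology class whose
# instances (observed events) violate it.
POLICIES = {
    "NoUnauthorizedCodeExecution": "CodeExecution",
    "NoUnauthenticatedAccess": "AuthenticationAttack",
}


def superclasses(cls, ontology):
    """All transitive superclasses of cls, including cls itself."""
    seen = {cls}
    queue = deque([cls])
    while queue:
        cur = queue.popleft()
        for s, p, o in ontology:
            if s == cur and p == "subClassOf" and o not in seen:
                seen.add(o)
                queue.append(o)
    return seen


def countermeasures_for(attack_class, ontology, countermeasures=COUNTERMEASURES):
    """Countermeasures that apply to attack_class through its superclasses."""
    return sorted(countermeasures[c]
                  for c in superclasses(attack_class, ontology)
                  if c in countermeasures)


def violated_policies(event_class, ontology, policies=POLICIES):
    """Translate a low-level event typed by an ontology class into the
    high-level policies it violates (the monitoring -> policy direction)."""
    sups = superclasses(event_class, ontology)
    return sorted(name for name, cls in policies.items() if cls in sups)


def extend_ontology(ontology, new_class, parent):
    """The slide's worst case: a new attack needs a new class. Adding it as
    a subclass is enough for existing measures and policies to cover it."""
    return ontology | {(new_class, "subClassOf", parent)}


if __name__ == "__main__":
    # A previously unknown attack is described by extending the ontology;
    # the existing MemoryCorruption countermeasure applies without change.
    ont = extend_ontology(ONTOLOGY, "HeapOverflow", "MemoryCorruption")
    print(countermeasures_for("HeapOverflow", ont))
    # Constructed IDS alert, already typed with an ontology class.
    alert = {"sensor": "ids-1", "type": "HeapOverflow", "host": "10.0.0.5"}
    print(violated_policies(alert["type"], ont))
```

Note that before the ontology is extended, `HeapOverflow` is an unknown class and nothing applies to it; the adaptation cost is one triple, not a rewrite of the measures or policies.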
Registering a service with a directory

Restrict who can see this service.

For those who can see it: who can use it, and under what conditions?

Security for meta-services (such as registration) as well as application services

Compliance of service policies with user requirements

E.g.: a service requires user/password. Another (sub)service provides user/password, but requires an email address.

Backward chaining and inference could be used by an agent to decide whether the service matches the user's requirements.

Compatibility of the preconditions/effects of a service with user restrictions

E.g., a news-reading service will have the effect of storing your email address.

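The backward-chaining check described above, worked through as an added example (not part of the original slides and not DAML-Sec or DAML-S code): three constructed service descriptions reduced to requires/provides/effects, and an agent that chains backwards from the service the user wants to inputs the user is willing to disclose, rejecting any service whose effects the user has forbidden. The service names, inputs, effects and user profiles are all assumptions made for the example; a real agent would read them from DAML-S profiles.

```python
"""Added example, not from the original slides: backward chaining over
service descriptions to decide whether a service matches a user's
requirements. Service names, inputs and effects are constructed for
illustration; a real agent would read them from DAML-S profiles."""

# Constructed service descriptions: required inputs, provided outputs,
# and side effects of invoking the service.
SERVICES = {
    "news": {
        "requires": {"user/password"},
        "provides": {"news"},
        "effects": {"stores:email"},    # the slide's example effect
    },
    "login": {
        "requires": {"email"},          # provides user/password, but wants an email address
        "provides": {"user/password"},
        "effects": set(),
    },
    "guest_login": {
        "requires": set(),
        "provides": {"user/password"},
        "effects": {"stores:ip"},
    },
}

# Constructed user requirements: inputs the user will disclose, and
# effects the user refuses to accept.
USER_DISCLOSES_EMAIL = {"discloses": {"email"}, "forbidden_effects": set()}
USER_PRIVATE = {"discloses": set(), "forbidden_effects": {"stores:email"}}
USER_NO_IP_LOG = {"discloses": set(), "forbidden_effects": {"stores:ip"}}


def plan(goal, services, user, visited=frozenset()):
    """Backward chaining: return every plan (list of (service, effects) steps
    in execution order) that produces `goal` using only inputs the user will
    disclose and services whose effects the user does not forbid.
    An empty list means the goal is unsatisfiable under the user's restrictions."""
    if goal in user["discloses"]:
        return [[]]  # the user supplies this input directly; nothing to invoke
    plans = []
    for name, svc in services.items():
        if goal not in svc["provides"] or name in visited:
            continue  # wrong service, or already on this chain (cycle guard)
        if svc["effects"] & user["forbidden_effects"]:
            continue  # effect incompatible with a user restriction
        # Every requirement of this service must itself be satisfiable.
        partial = [[]]
        for req in sorted(svc["requires"]):
            sub = plan(req, services, user, visited | {name})
            partial = [a + b for a in partial for b in sub]
            if not partial:
                break
        plans.extend(p + [(name, frozenset(svc["effects"]))] for p in partial)
    return plans


def service_matches(goal, services, user):
    """True if at least one plan exists, i.e. the service matches the user."""
    return bool(plan(goal, services, user))


def steps(p):
    """Service names of one plan, for display."""
    return [name for name, _ in p]


if __name__ == "__main__":
    for label, user in [("discloses email", USER_DISCLOSES_EMAIL),
                        ("refuses email storage", USER_PRIVATE),
                        ("refuses IP logging", USER_NO_IP_LOG)]:
        found = plan("news", SERVICES, user)
        print(f"{label}: {[steps(p) for p in found] or 'no matching service'}")
```

The two failure cases show the two kinds of mismatch the slide names: the privacy-conscious user is blocked by the news service's own effect, while the user who refuses IP logging is blocked one step down the chain, because the only subservice that does not need an email address has a forbidden effect.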
DAML-S is one area where we believe that DAML-Sec ontologies and policies could add value.

We want to provide ontologies for security that are then plugged into DAML-S descriptions (inputs/outputs/preconditions/effects).

Issue: make sure that the ontologies are complete enough (e.g., time, policies, …).

Provide usage scenarios (with a focus on security) for DAML-S

Separation of concerns: policy vs. enforcement

Provide challenge examples of policies (e.g., access control to a service, interaction with authenticated clients)

And their enforcement (e.g., Kerberos as the authentication service)

Same for trust/privacy

Provide reasoning mechanisms for selected security policies

Integration of role-based, capability-based and ACL models in existing security ontologies

Describe core security-related services

E.g., authentication/authorization service, encryption service, policy-compatibility checking service

Trust

Trusting a resource with the information it provides

Trusting an entity to provide a service

Trusting an entity with one's own information (privacy)

Trusting an entity to do something

Requirements of a policy come along with criteria for how to satisfy them

E.g., credentials; in how many places the information was found on the web

Provide an ontology for the criteria associated with a policy

Trust depends on

Insurance, guarantees

Resolution techniques that are in place

In the context of services

Work with the DAML-S coalition on providing ontologies for trust parameters

Look into existing agent frameworks for the policies that exist there

Pedigree: tagging pieces of information with where they come from

Meta-data that can be reasoned about to establish trust

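How pedigree tags and policy criteria fit together, as an added example (not part of the original slides and not DAML-Sec code): each piece of information carries its pedigree (where it was found, who vouches for it, what it was derived from), a policy requirement names the criteria that satisfy it (a credential from a trusted issuer, or corroboration from enough independent sources), and trust in a derived statement is established by reasoning over the pedigree of its premises. The statements, sources, issuers and criterion names are all constructed for the example.

```python
"""Added example, not from the original slides: pedigree tags on pieces
of information and policy criteria evaluated over those tags to decide
whether to trust a statement. Statements, sources, issuers and criterion
names are constructed for illustration."""

from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Fact:
    """A statement plus its pedigree: where it was found, who vouches for
    it, and which other statements it was derived from."""
    statement: str
    sources: FrozenSet[str]                  # independent places the statement was found
    credential_issuer: Optional[str] = None  # issuer of a credential vouching for it
    derived_from: Tuple[str, ...] = ()       # statements this one was inferred from


# Constructed trust anchor.
TRUSTED_ISSUERS = {"ExampleCA"}

# The "ontology of criteria": each criterion is a named predicate over a
# fact and the parameters of the policy requirement being checked.
CRITERIA = {
    "credential": lambda fact, req: fact.credential_issuer in TRUSTED_ISSUERS,
    "corroboration": lambda fact, req: len(fact.sources) >= req.get("min_sources", 2),
}

# Constructed knowledge base, keyed by statement.
FACTS = {f.statement: f for f in [
    Fact("server.example hosts the news service",
         frozenset({"registry"}), credential_issuer="ExampleCA"),
    Fact("the news service stores the reader's email",
         frozenset({"blog-a", "blog-b", "forum-c"})),
    Fact("server.example is operated by Acme",
         frozenset({"blog-a"}), credential_issuer="UnknownCA"),
    Fact("using the news service discloses the reader's email to server.example",
         frozenset(),
         derived_from=("server.example hosts the news service",
                       "the news service stores the reader's email")),
]}

# Two policy requirements: a lenient one satisfied by either criterion and
# a strict one that accepts credentials only.
REQ_LENIENT = {"criteria": ["credential", "corroboration"], "min_sources": 2}
REQ_STRICT = {"criteria": ["credential"]}


def met_criteria(statement, requirement, facts):
    """Names of the requirement's criteria that this (leaf) fact satisfies."""
    fact = facts[statement]
    return sorted(c for c in requirement["criteria"] if CRITERIA[c](fact, requirement))


def trusted(statement, requirement, facts):
    """A derived statement is trusted only if every premise in its pedigree
    is trusted; a leaf statement is trusted if it meets at least one of the
    requirement's criteria. Assumes the derivation graph is acyclic."""
    fact = facts[statement]
    if fact.derived_from:
        return all(trusted(p, requirement, facts) for p in fact.derived_from)
    return bool(met_criteria(statement, requirement, facts))


if __name__ == "__main__":
    for s in FACTS:
        print(f"{s!r}: lenient={trusted(s, REQ_LENIENT, FACTS)} "
              f"strict={trusted(s, REQ_STRICT, FACTS)}")
```

The derived statement is the interesting case: it has no sources or credential of its own, so its trust is entirely a function of its pedigree, and tightening the policy from lenient to strict withdraws trust from it because one premise is only corroborated, not certified.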
Request: contact us with details about your application to test our ontologies and models

E.g.,

Networked environment

Wireless environment (ubiquitous computing)

JBI

Ultralog

Homeland defense