Approach

Who does what in the area of DAML security?

Who wants what from DAML-Sec (open problems)?

Open Issues

Application scenarios – use cases

What security aspects of your application do you want to capture with DAML-security?

Ontologies?

What is being marked-up (agent, service, web-page,…)?

How are DAML security ontologies or mark-up being used (agent, reasoning engines,…)?

Tools?

How would it help?

Determine “value added”

More questions

Is security relevant to DAML?

Use COTS security technique to secure DAML infrastructure

YES

Is DAML relevant to security?

State and enforce security solutions (expressiveness of DAML)

YES

DAML-Sec: Model and Mark-up

DAML-Sec is for

Security models in DAML (DAML as KR language)

Mark-up of resource (DAML as mark-up language)

DAML-Sec: Value added

Value added

Assume: Ontology to talk about vulnerability detection and you express your security measures in terms of that ontology

Then: New attacks/vulnerabilities and their countermeasures can be described in this ontology (worst case: need to extend ontology)

Thus: ontology-based systems adapt faster to new situations

Value added

Assume: Translation of high-level policies to low-level processes (e.g., using ontology mapping or refinement mechanisms)

Such relation could be used

Interpreting what implication changes in low-level services have for the high-level policy (e.g., monitoring system behavior-detection of intrusion-translating into statement about policy violation)

Reasoning whether low-level process satisfies high-level policy

DAML-Sec use cases

Registering a service with a directory

Restrict who can see this service.

For those who can see it: Who can use it and under what condition?

Security for meta-services (such as registration) as well as application services

Compliance of service policies and user requirements

E.g.: A service requires user/password. Another (sub)service provides user/password, but requires email.

Backward chaining and inference could be used by an agent to decide whether the service matches user requirements

Compatibility of preconditions/effects of service with user restrictions

E.g., reading news service will have the effect to store your email

DAML-S and Security

DAML-S is one area where we believe that DAML-Sec ontologies and policies could add value

We want to provide ontologies for security that are then plugged into DAML-S descriptions (input/output/conditions/effects)

Issue: make sure that ontologies are complete enough (e.g., time, policies….)

Action Items - Services

Provide usage scenarios (with focus security ) for DAML-S

Separation of concern: policy vs enforcement

Provide challenge examples of policies (e.g., access control to service, interaction with authenticated clients)

And their enforcement (e.g., Kerberos as authentication service)

Same for trust/privacy

Provide reasoning mechanism for selected security policies

Integration of role-based, capability-based, ACL models in existing security ontologies

Describe core security related services

E.g., authentication/authorization service, encryption service, policy compatibility checking service

Open Issue

Trust

Trusting a resource with the information it provides

Trusting an entity with providing service

Trusting an entity with own information (privacy)

Trusting an entity to do something

Action Items - Trust

Requirements of policy come along with criteria how to satisfy them

E.g., credentials, how many places was the info found on web

Provide an ontology for criteria associated to policy

Trust depends on

Insurance, guarantees

Resolution techniques that are in place

In context of services

Work with DAML-S coalition in providing ontologies for trust parameters

Look into existing agent frameworks what policies exist there

Pedigre - Tagging pieces of information where they come from

Meta-data that can be used to reason about to establish trust

Action Step: Case Scenarios

Request: Contact us with details about your

application

to test our ontologies and models

e.g.,

Networked environment

Wireless environment (ubiquitous computing)

JBI

Ultralog

Homeland defense


	Who does what in the area of DAML security?
	Who wants what from DAML-Sec (open problems)?


Application scenarios – use cases
	What security aspects of your application do you want to capture with DAML-security?
		Ontologies?
	What is being marked-up (agent, service, web-page,…)?
	How are DAML security ontologies or mark-up being used (agent, reasoning engines,…)?
		Tools?
	How would it help?
		Determine “value added”


	Is security relevant to DAML?
		Use COTS security technique to secure DAML infrastructure
		YES
	Is DAML relevant to security?
		State and enforce security solutions (expressiveness of DAML)
		YES


	DAML-Sec is for
		Security models in DAML (DAML as KR language)
		Mark-up of resource (DAML as mark-up language)


Value added
	Assume: Ontology to talk about vulnerability detection and you express your security measures in terms of that ontology
	Then: New attacks/vulnerabilities and their countermeasures can be described in this ontology (worst case: need to extend ontology)
	Thus: ontology-based systems adapt faster to new situations
Value added
	Assume: Translation of high-level policies to low-level processes (e.g., using ontology mapping or refinement mechanisms)
	Such relation could be used
		Interpreting what implication changes in low-level services have for the high-level policy (e.g., monitoring system behavior-detection of intrusion-translating into statement about policy violation)
		Reasoning whether low-level process satisfies high-level policy


	Registering a service with a directory
		Restrict who can see this service.
		For those who can see it: Who can use it and under what condition?
		Security for meta-services (such as registration) as well as application services
	Compliance of service policies and user requirements
		E.g.: A service requires user/password. Another (sub)service provides user/password, but requires email.
		Backward chaining and inference could be used by an agent to decide whether the service matches user requirements
	Compatibility of preconditions/effects of service with user restrictions
		E.g., reading news service will have the effect to store your email


	DAML-S is one area where we believe that DAML-Sec ontologies and policies could add value

	We want to provide ontologies for security that are then plugged into DAML-S descriptions (input/output/conditions/effects)
		Issue: make sure that ontologies are complete enough (e.g., time, policies….)


	Provide usage scenarios (with focus security ) for DAML-S
	Separation of concern: policy vs enforcement
		Provide challenge examples of policies (e.g., access control to service, interaction with authenticated clients)
		And their enforcement (e.g., Kerberos as authentication service)
		Same for trust/privacy
	Provide reasoning mechanism for selected security policies
	Integration of role-based, capability-based, ACL models in existing security ontologies
	Describe core security related services
		E.g., authentication/authorization service, encryption service, policy compatibility checking service



	Trust
		Trusting a resource with the information it provides
		Trusting an entity with providing service
		Trusting an entity with own information (privacy)
		Trusting an entity to do something


	Requirements of policy come along with criteria how to satisfy them
		E.g., credentials, how many places was the info found on web
		Provide an ontology for criteria associated to policy
	Trust depends on
		Insurance, guarantees
		Resolution techniques that are in place
	In context of services
		Work with DAML-S coalition in providing ontologies for trust parameters
		Look into existing agent frameworks what policies exist there
	Pedigre - Tagging pieces of information where they come from
		Meta-data that can be used to reason about to establish trust


	Request: Contact us with details about your
	application
	to test our ontologies and models
		e.g.,
		Networked environment
		Wireless environment (ubiquitous computing)
		JBI
		Ultralog
		Homeland defense