Semantic Web Policy Systems
Matthew Dunlop
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Semantic Web Policy Systems
- Using Semantic Web Technologies for Policy Management on the Web
Purpose
- Develop a policy framework (Rein) that leverages the semantic web
- Allow users to define policies in their own language
- Provide mechanisms for reasoning over any supported rule languages
Contributions
- Web-based approach for representing and reasoning over policies for web resources
- Flexible sophistication or expressiveness of policies
- Provides unified mechanism for reasoning
- Supports compartmentalized policy development
- Self-describing framework
Access control model
Rein Ontology
Example Rein Policy Network
Rein Ontology
Sample Ontology
Reasoning Engine
- Accepts requests for resources
- Collects relevant information
- Answers questions about access rights
Using Rein
- Rein used by guard
- Rein used by client
- Hybrid approach
Implementation Requirements
- Reasoners for RDF-S
- Engine for supported rule language(s)
- Programming language capable of:
  - Accessing web
  - Working with chosen reasoners and engines
Photo Sharing Example Policy Language Troop Ontology
Sample Request
Rein implemented in Policy Aware Web
Discussion
- There is no discussion of time to process a request. The overhead for processing a complex request could be non-negligible.
- There are no security mechanisms in place. It seems pretty easy to perform a DoS attack, yet difficult to prevent it.
- Rein does not allow querying of what resources a requester has access to, only whether a requester can access a resource.