81,799 research outputs found
Using Event Calculus to Formalise Policy Specification and Analysis
As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. We present a method for transforming both policy and system behaviour specifications into a formal notation that is based on event calculus. Additionally it describes how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, it presents some initial thoughts on how this notation and analysis technique could be used to perform policy refinement
Resolving Multi-party Privacy Conflicts in Social Media
Items shared through Social Media may affect more than one user's privacy ---
e.g., photos that depict multiple users, comments that mention multiple users,
events in which multiple users are invited, etc. The lack of multi-party
privacy management support in current mainstream Social Media infrastructures
makes users unable to appropriately control to whom these items are actually
shared or not. Computational mechanisms that are able to merge the privacy
preferences of multiple users into a single policy for an item can help solve
this problem. However, merging multiple users' privacy preferences is not an
easy task, because privacy preferences may conflict, so methods to resolve
conflicts are needed. Moreover, these methods need to consider how users' would
actually reach an agreement about a solution to the conflict in order to
propose solutions that can be acceptable by all of the users affected by the
item to be shared. Current approaches are either too demanding or only consider
fixed ways of aggregating privacy preferences. In this paper, we propose the
first computational mechanism to resolve conflicts for multi-party privacy
management in Social Media that is able to adapt to different situations by
modelling the concessions that users make to reach a solution to the conflicts.
We also present results of a user study in which our proposed mechanism
outperformed other existing approaches in terms of how many times each approach
matched users' behaviour.Comment: Authors' version of the paper accepted for publication at IEEE
Transactions on Knowledge and Data Engineering, IEEE Transactions on
Knowledge and Data Engineering, 201
Security Policy Consistency
With the advent of wide security platforms able to express simultaneously all
the policies comprising an organization's global security policy, the problem
of inconsistencies within security policies become harder and more relevant.
We have defined a tool based on the CHR language which is able to detect
several types of inconsistencies within and between security policies and other
specifications, namely workflow specifications.
Although the problem of security conflicts has been addressed by several
authors, to our knowledge none has addressed the general problem of security
inconsistencies, on its several definitions and target specifications.Comment: To appear in the first CL2000 workshop on Rule-Based Constraint
Reasoning and Programmin
A model for the analysis of security policies in service function chains
Two emerging architectural paradigms, i.e., Software Defined Networking (SDN)
and Network Function Virtualization (NFV), enable the deployment and management
of Service Function Chains (SFCs). A SFC is an ordered sequence of abstract
Service Functions (SFs), e.g., firewalls, VPN-gateways,traffic monitors, that
packets have to traverse in the route from source to destination. While this
appealing solution offers significant advantages in terms of flexibility, it
also introduces new challenges such as the correct configuration and ordering
of SFs in the chain to satisfy overall security requirements. This paper
presents a formal model conceived to enable the verification of correct policy
enforcements in SFCs. Software tools based on the model can then be designed to
cope with unwanted network behaviors (e.g., security flaws) deriving from
incorrect interactions of SFs in the same SFC
Semantic-based policy engineering for autonomic systems
This paper presents some important directions in the use of ontology-based semantics in achieving the vision of Autonomic Communications. We examine the requirements of Autonomic Communication with a focus on the demanding needs of ubiquitous computing environments, with an emphasis on the requirements shared with Autonomic Computing. We observe that ontologies provide a strong mechanism for addressing the heterogeneity in user task requirements, managed resources, services and context. We then present two complimentary approaches that exploit ontology-based knowledge in support of autonomic communications: service-oriented models for policy engineering and dynamic semantic queries using content-based networks. The paper concludes with a discussion of the major research challenges such approaches raise
- âŠ